GDPR: Right of access


(Cédric Krier) #1

Continuing the discussion from General Data Protection Regulation:

Rational

The GDPR enforce the right of access. To help companies to be GDPR compliant, we could provide a generic tool for this.

Proposal

The tools from from Right to erasure could be reused as the definition of what are the personal data to be exported. But we should allow to extend it for the export only.

Implementation

We reuse the erase definition from Right to erasure as the field names to call ModelStorage.export_data on the selected party.


(Cédric Krier) #2

As the design has changed, I’m wondering if we should not simply create via XML, a ir.export record and each module will be free to complete the fields.


(Cédric Krier) #3

I’m also wondering if it is really possible to define a standard export. I think this is really linked to company’s choices.