Continuing the discussion from General Data Protection Regulation:
The GDPR enforces the right to erasure. To help companies be GDPR compliant, we could provide a generic tool for this.
We could consider that personal data can be defined as the set of data that can be reached via any relation from a party, for example: addresses, contact mechanisms, identifiers, bank accounts etc.
As Tryton uses a relational database to store data, there is no duplication of this personal data. But this also means that it cannot be deleted without causing a cascade effect or breaking the database integrity.
So the proposal is to simply nullify or hash the existing data so that it can no longer identify the person.
The solution should be extensible to allow each module to define the fields that must be erased and how to erase them.
We can use the same design as for Party duplication.
The party module defines a generic wizard to erase the personal data of a selected party.
The wizard must ensure that the party can be erased by raising a warning if some conditions are met, for example: some parties cannot be erased: with open sales, purchases or invoices, or with dunning etc. This check must be filled in by each module.
The fields to be erased will be defined as a path from the party record. For example, to erase the street field of the addresses: addresses/street, or to erase the bank accounts:
For each field, the method to erase will be passed. By default there will be:
None to nullify and
md5 to hash with md5.
The wizard must also perform the operations on the parties that the selected party replaced (including the conditions) and on the historized rows. The operations must be performed with SQL queries to avoid the creation of history records and to skip any ORM constraint.
A special keyword will be used to remove the attachment links. Ex:
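
An added sketch of the path-and-method design proposed above (not Tryton code and not part of the original post): each (path, method) pair is resolved to one plain SQL UPDATE that also covers the parties the selected party replaced. The table names, the `RELATIONS` map, the `replaced_by` column, the use of SQLite and the sample rows are assumptions made for the illustration; history rows and the attachment keyword are left out.

```python
import hashlib
import sqlite3

# Assumed relation map: (parent table, path segment) -> (child table, FK column).
RELATIONS = {("party", "addresses"): ("party_address", "party")}
METHODS = (None, "md5")  # the two default erase methods from the proposal


def _md5(value):
    return None if value is None else hashlib.md5(str(value).encode()).hexdigest()


def erase_party(conn, party_id, fields):
    """Apply (path, method) pairs to party_id and to the parties it replaced."""
    conn.create_function("md5", 1, _md5)  # SQLite has no built-in md5()
    ids = [party_id] + [row[0] for row in conn.execute(
        "SELECT id FROM party WHERE replaced_by = ?", (party_id,))]
    marks = ",".join("?" * len(ids))
    for path, method in fields:
        *relations, column = path.split("/")
        if method not in METHODS or not column.isidentifier():
            raise ValueError(f"unsupported erase spec: {path!r}, {method!r}")
        table, where = "party", f"id IN ({marks})"
        for name in relations:  # walk the path, nesting one subquery per hop
            child, fk = RELATIONS[(table, name)]
            where = f'"{fk}" IN (SELECT id FROM "{table}" WHERE {where})'
            table = child
        value = "NULL" if method is None else f'md5("{column}")'
        # Plain SQL UPDATE: no ORM validation, no history record.
        conn.execute(f'UPDATE "{table}" SET "{column}" = {value} WHERE {where}', ids)
    conn.commit()


def demo():
    """Constructed sample data: party 2 was merged into (replaced by) party 1."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE party (id INTEGER PRIMARY KEY, name TEXT, replaced_by INTEGER);
        CREATE TABLE party_address (id INTEGER PRIMARY KEY, party INTEGER, street TEXT);
        INSERT INTO party VALUES (1, 'Alice Example', NULL), (2, 'A. Example', 1),
                                 (3, 'Bob Sample', NULL);
        INSERT INTO party_address VALUES (1, 1, '1 Constructed St'),
                                         (2, 2, '2 Old Rd'), (3, 3, '3 Other Ave');
    """)
    erase_party(conn, 1, [("name", "md5"), ("addresses/street", None)])
    return conn
```

An unsalted MD5 of a short or guessable value (a name, a phone number) can be recovered by hashing candidate values and comparing, so fields of that kind are safer with the nullify method.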