The GDPR protects the data of users on your systems; you must, for example, remove all the data of a user if asked, and of course you must do a lot more (thanks, GDPR). But when you are an enterprise, the data of your employees might be owned by the company, and even if the employee left the company, you could need some of his email, files in his home, addresses of his customers, his agendas…
Actually, when you delete a user in the server-manager, you remove all the data owned by this user.
Hence we could have two ways to protect the data from a possible erasure: one conservative, one active.
We could only state in the documentation: if you want to keep the data of a user, please deactivate the account in the server-manager… simple and efficient, but I must also add @giacomo’s sentence: Less code, less bug
We could make a global property in the esmith database and not remove the data when the event user-delete is launched. This way might be better for me because in a real environment there are several admins and an error could occur… damn, I removed the user. Of course backups are for this situation: restore the removed data.
Up front, I am not a system administrator; my insight can be completely wrong; and I am curious about the opinion of experienced sys-admins.
(As said in one sentence before @gitbub)
I think deleting the user (primary key) and keeping the data (records) in the live environment, on disk and in the databases of the applications, seems to me a bad thing to do.
Ideally the user-data of the removed user would be retained in a more static place. To make it even more complex (sorry @giacomo): do this asynchronously by a “garbage collector”. A cron job querying the account provider for non-existing users and moving the user-data to this static place… (This would make it work with all variants of account providers.)
But let’s take some distance and try to describe the behavior of the solution with the simple keywords:
{ shall , shall-not , may }
my 2ct:
The solution shall :
make it possible to remove all user-data immediately
make it possible to retain user-data
make it possible to delete all user-data at any given time after retention
The solution shall-not :
Orphan user-data, making it very hard to delete all user-data at any given time after retention.
What I have in mind is the project-data archiving after finishing a project, which I encountered a lot: move the (static) project data to a “cheap” storage.
Do not bother cleaning it up, just move it out of the (expensive) live environment. You may argue user-data is so limited this is not really an issue… But carrying it around forever does not appeal to me.
I believe there are some more legal considerations to make.
Employee data is always owned by the company. Data of a consumer must be GDPR compliant and be wiped in an instant on first request.
I myself am using Nethserver in commercial environments, where the data is always owned fully by the client. I do not even know what they store, but still I am ‘processing’ personal data, or at least that could be the case, so with that possibility my company, serving clients based on Nethserver, has to be fully GDPR compliant.
It is a legal issue that, in my opinion, should be discussed first. A US customer (not an employee) must have choices, whereas an EU customer can demand…
I think so, for not being GDPR compliant or not adhering to the GDPR rules may lead to a fine of 4% of global revenue or 20 million euros, whichever is the greater amount.
The GDPR doesn’t require a software implementation of listed policy.
You are just required to have some procedures to handle user data, so you can comply even with simple documentation. You just need to make sure that the procedures are available on request.
We could also base our deletion policy on the account “expired” state. Once an account is both “disabled” and “expired” its data is automatically removed.
Active Directory allows an account to be enabled/disabled but also allows setting an expiration time. That could be the point in time when any data associated with it is deleted. And it also works with a remote account provider.
Of course, it will be an opt-in policy, I’d say disabled by default.
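The “garbage collector” idea from earlier in the thread and the disabled-plus-expired policy above, sketched together as an added example (not NethServer code): the account dictionary stands in for whatever a hypothetical account provider reports, the home and archive directories are constructed temp data, and RETENTION_DAYS is an assumed retention period.

```python
import shutil
import tempfile
import time
from pathlib import Path

RETENTION_DAYS = 90  # assumed retention; archives older than this are purged


def collect(accounts, home_root, archive_root, now=None):
    """accounts: {name: {"disabled": bool, "expires": epoch-or-None}} as a
    hypothetical account provider would report them. Moves the home of any
    user that is unknown (orphaned) or disabled-and-expired into archive_root
    with a timestamp, then purges archives older than RETENTION_DAYS.
    Returns (archived, purged) lists of account names."""
    now = int(now if now is not None else time.time())
    home_root, archive_root = Path(home_root), Path(archive_root)
    archive_root.mkdir(parents=True, exist_ok=True)
    archived = []
    for home in sorted(home_root.iterdir()):
        acct = accounts.get(home.name)
        orphaned = acct is None  # provider no longer knows this user
        expired = (acct is not None and acct["disabled"]
                   and acct["expires"] is not None and acct["expires"] <= now)
        if orphaned or expired:
            shutil.move(str(home), str(archive_root / f"{home.name}.{now}"))
            archived.append(home.name)
    purged = []
    for arch in sorted(archive_root.iterdir()):
        name, _, stamp = arch.name.rpartition(".")
        if stamp.isdigit() and now - int(stamp) >= RETENTION_DAYS * 86400:
            shutil.rmtree(arch)  # retention elapsed: the data is gone for good
            purged.append(name)
    return archived, purged


def demo():
    """Constructed sample in a temp dir: alice is active, bob is disabled and
    past expiry, carol no longer exists, dave was archived 100 days ago."""
    root = Path(tempfile.mkdtemp())
    now = 1_700_000_000
    for user in ("alice", "bob", "carol"):
        (root / "home" / user).mkdir(parents=True)
        (root / "home" / user / "mail.txt").write_text("constructed")
    (root / "archive" / f"dave.{now - 100 * 86400}").mkdir(parents=True)
    accounts = {"alice": {"disabled": False, "expires": None},
                "bob": {"disabled": True, "expires": now - 3600}}
    archived, purged = collect(accounts, root / "home", root / "archive", now)
    remaining = sorted(p.name for p in (root / "home").iterdir())
    shutil.rmtree(root)
    return archived, purged, remaining
```

Running demo() archives bob and carol, purges dave's old archive and leaves only alice's home in place, which is the shall/shall-not behaviour listed earlier in the thread.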
It depends on too many things… Maybe a local LDAP provider can be configured for that, but as OpenLDAP is deprecated in RHEL 7 we have to plan for 389 Directory too.
We have three possible situations for NethServer utilisation:
for home -> no GDPR rules. Q: are we sure?
for commercial environment “where the data is always owned fully by the client” (as @LayLow said), generally for hosted web servers, hosted e-mail servers, hosted backups, … -> “Data of a consumer must be GDPR compliant and to be wiped in an instance on first request”.
for company environment where “data of your employee might be owned by the company, and even if the employee left the company, you could need some of his email, files in his home, addresses of his customers, his agendas …” (as @stephdl said).
In any of the above situations in which we would use NethServer, I do not think an automatic data erasure solution would be indicated, at least for the reason given by @giacomo: “Less code, less bug”.
Also, I don’t think that an automatic erase mechanism will make NethServer GDPR compliant.
And I don’t know if a software must or can be GDPR compliant.
It’s not about “GDPR compliant”, it’s about “GDPR rules”.
As far as I know and understand, in a few words, respecting GDPR rules means that the users’ data are kept safe, can be deleted on request, and there is a mechanism to audit the access to these data.
NethServer keeps data safe, there is at least an audit mechanism (samba audit module) and, on request, the Administrator can delete data.