GDPR Support (Later) (UXPROD-1641)

[UXPROD-286] GDPR Registry of Modules Consuming User Personal Data Created: 03/Mar/18  Updated: 10/Dec/21

Status: Open
Project: UX Product
Components: None
Affects versions: None
Fix versions: None
Parent: GDPR Support (Later)

Type: New Feature Priority: P3
Reporter: VBar Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: gdpr, privacy
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to UXPROD-327 Storage for User Data Consumer Registry Open
relates to UXPROD-328 Modify User endpoints to capture cons... Open
Potential Workaround: HK - Not code needed for this. Technical documentation needs to be created for all FOLIO applications that clearly define the data used by each of the applications.
Epic Link: GDPR Support (Later)
Front End Estimator: VBar
Back End Estimate: XL < 15 days
Back End Estimator: VBar
PO Rank: 104
PO Ranking Note: CB: Ranking same as calculated
Rank: BNCF (MVP Feb 2020): R1
Rank: Chalmers (Impl Aut 2019): R1
Rank: Chicago (MVP Sum 2020): R4
Rank: Cornell (Full Sum 2021): R4
Rank: Duke (Full Sum 2021): R4
Rank: 5Colleges (Full Jul 2021): R2
Rank: FLO (MVP Sum 2020): R2
Rank: GBV (MVP Sum 2020): R4
Rank: hbz (TBD): R1
Rank: Hungary (MVP End 2020): R1
Rank: Lehigh (MVP Summer 2020): R4
Rank: Leipzig (Full TBD): R1
Rank: Leipzig (ERM Aut 2019): R5
Rank: TAMU (MVP Jan 2021): R4
Rank: U of AL (MVP Oct 2020): R4

 Description   

Compliance to GDPR's privacy requirements is achieved in Folio though retaining all user personal data within the User Domain. Typically, pre-anonymised user data will be provided to other domains such as circulation. However, resolved user data must be delivered outside the domain, if only for the purposes of presentation. This implies that there exists user interfaces that reveal the user personal data. Therefore, there is the potential that personal data could leak outside the user domain. In order to create a trail for any future audits or investigation, a registry is used to identify and record which other system components access personal user data.

Estimates from stories:
UXPROD-328 Open Modify User endpoints to capture consumers FE: None BE: Medium < 5 days
UXPROD-327 Open Storage for User Data Consumer Registry FE: None BE: Large < 10 days



 Comments   
Comment by Cate Boerema (Inactive) [ 05/Sep/18 ]

Removing the Q3 2018 fix version as this feature will not make that release.

Generated at Fri Feb 09 00:07:05 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.