Deleting Users: GDPR compliant #3013
Labels
Comments
brandonkelly
added
enhancement
|
User deletion can have unintended side effects, so I think this is something we should add alongside an archive feature (#867), which would automatically hard-delete things after they’ve been archived for >30 or 60 days. Adding to the 3.1 backlog… |
|
Done for 3.1 (currently in Dev Preview). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request
Currently in Craft CMS to be able to delete a user, a user needs to have the permissions which will delete the User Element. Since the GDPR as literally a pain in the ass for most people, there should be a way that the user ( If you work with a registry system for end-users in Craft CMS ) can always delete himself.
According to the rules, A user should be able to delete himself, or deactivate his account , and after 60 days automatically be deleted.
In case we create an E-Commerce and the user has an account, the user must be able to log in into his account, and have the function "delete my profile"
Right now this can be accomplished through a Front-End form and giving them no access to the admin panel, but the ability to delete users, but it means they could delete other users too, which is very unlikely if everything works through the front-end, but I can see that this will open up potential security issues.
I'm also aware that there is a plugin:
https://github.com/bymayo/craft-delete-account
But I'm convinced this should be built in functionality.
The text was updated successfully, but these errors were encountered: