My client’s lawyer is asking me to implement a few things inside Mautic in order to abide by the GDPR laws here in Italy. I searched around but I cannot find a solution for these things. Can you help me find solutions (possibly free plugins)?
2 Factor Authentication (it can be via Email, not necessarily via App or SMS)
user password expires every 90 days
encrypted DB (not just for the login information, but for everything else)
automatic way for the user to delete his data from our database (the same way autoresponders do with the unsubscribe button, but completely deleting the information from the DB without admin intervention)
a way to pseudonymize the contact information in case there’s a request for deletion (no idea what that means…)
I’m not a lawyer, and I think some of the requests are not required by GDPR (I also understand this is not the question).
It is a real requirement to be fully GDPR compliant. I have been searching for a solution for half a year now, and might even put a bounty on it if someone can make a good plugin.
a way to pseudonymize the contact information in case there’s a request for deletion
It means that, let’s say, you save customer data in Mautic after a purchase. Some data has to be kept for taxation reasons, but the user requested deletion. In this case you’d pseud… the data to make sure you are acting in accordance with the GDPR and also the tax law in that country. (Depends on your country.)
Thank you @joeyk for your kind reply and for the explanation
I agree with you: some of the things sound too “extreme” to be imposed by GDPR (in fact, I think the lawyer I talked to is not exactly specialized in this… which should be worrying for my client). Plus I haven’t seen them used by similar businesses.
These things, however, will be useful for my client and, I’m sure, many other big operations like this one.
This is why I’m seriously considering the idea of having someone develop all these things in the next few months. It seems weird, however, that Mautic doesn’t have these features ready.
I am actively searching for an option to encrypt all data and pseudonymize deleted data.
For me it is clear that it will be needed in the GDPR-affected countries sooner or later, and I would like to offer it to our Mautic customers sooner rather than later.
There are many initiatives in Mautic right now, I’m not sure we can push one more through.
If anyone is interested in cooperating, drop a line here in this thread.
We are facing a similar problem right now. Unfortunately, the contacts would have to be deleted under data protection law. If the contacts are deleted, they are no longer displayed in the Mautic statistics. We had thought about creating a campaign where the contact information is updated for contacts who are removed from the segment with “do not contact”, so that the personal values (mail, first and last name) are replaced by default values. Consequently, we would then have many contacts with the same name. Nevertheless, the tracking would not be lost. However, we are unsure if this is the best solution. What do you think about our solution, or does anyone have a better way to solve the problem? Thank you for your support.
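The pseudonymization both joeyk’s explanation and the last post describe (keep what tax law requires, keep the tracking history, but strip the personal values) can be done with a keyed hash instead of one shared default value, so every erased contact keeps a distinct identity in the statistics while no field links back to the person. The following is an added example, not code from this thread or from the Mautic project; the field names (`email`, `firstname`, `lastname`, `invoice_ref`, `purchase_date`, `points`, `date_added`, `do_not_contact`), the retention list and the sample contacts are assumptions made for illustration, and the script works on plain dictionaries rather than talking to Mautic’s API or database.

```python
"""Added example (not from the Mautic thread or project): pseudonymize a contact on
an erasure request while keeping tax-retention fields and tracking history.
All field names and the retention policy below are assumptions for illustration."""
import hashlib
import hmac
import secrets

# Fields that carry personal data and must not survive in clear text (assumption).
PERSONAL_FIELDS = ("email", "firstname", "lastname")
# Fields a tax/legal retention duty may require keeping, plus the tracking
# fields needed so statistics still count this contact (assumption).
RETAINED_FIELDS = ("id", "invoice_ref", "purchase_date", "points", "date_added")


def pseudonym(secret_key: bytes, contact_id: int, field: str, length: int = 12) -> str:
    """Stable keyed pseudonym: same contact and field -> same token, different
    contacts -> different tokens, so erased contacts are not merged into one name.
    Without the key the token cannot be linked back to the person; destroying the
    key later turns pseudonymization into effective erasure."""
    mac = hmac.new(secret_key, f"{contact_id}:{field}".encode(), hashlib.sha256)
    return mac.hexdigest()[:length]


def pseudonymize_contact(contact: dict, secret_key: bytes) -> dict:
    """Return a new record: retained fields copied, personal fields replaced by
    pseudonyms, every other field (phone, address, ...) dropped, and the contact
    flagged do-not-contact so no campaign picks it up again."""
    if "id" not in contact:
        raise ValueError("contact record has no id; cannot derive a stable pseudonym")
    out = {k: v for k, v in contact.items() if k in RETAINED_FIELDS}
    for field in PERSONAL_FIELDS:
        token = pseudonym(secret_key, contact["id"], field)
        # Keep the email syntactically valid; .invalid is a reserved TLD (RFC 2606),
        # so nothing can ever be delivered to it.
        out[field] = f"{token}@erased.invalid" if field == "email" else token
    out["do_not_contact"] = True
    return out


def leaks_personal_data(original: dict, result: dict) -> bool:
    """Check used before committing the update: True if any original personal
    value still appears anywhere in the pseudonymized record."""
    values = {str(v).lower() for k, v in original.items() if k in PERSONAL_FIELDS and v}
    return any(str(v).lower() in values for v in result.values())


# Constructed sample contacts (not real data).
SAMPLE_CONTACTS = [
    {"id": 101, "email": "mario.rossi@example.com", "firstname": "Mario",
     "lastname": "Rossi", "phone": "+39 055 0000000", "invoice_ref": "INV-2018-0042",
     "purchase_date": "2018-03-01", "points": 35, "date_added": "2017-11-20"},
    {"id": 102, "email": "anna.bianchi@example.com", "firstname": "Anna",
     "lastname": "Bianchi", "address": "Via Roma 1", "invoice_ref": "INV-2018-0077",
     "purchase_date": "2018-04-12", "points": 12, "date_added": "2018-01-05"},
]


def process_erasure_requests(contacts: list, secret_key: bytes) -> list:
    """Pseudonymize each contact and refuse the batch if any record would leak."""
    results = []
    for contact in contacts:
        result = pseudonymize_contact(contact, secret_key)
        if leaks_personal_data(contact, result):
            raise RuntimeError(f"contact {contact['id']} still contains personal data")
        results.append(result)
    return results


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # store this key separately from the database
    for rec in process_erasure_requests(SAMPLE_CONTACTS, key):
        print(rec)
```

The key must live outside the contacts database (a secrets store or an environment variable on the cron host), because whoever holds both the key and the contact IDs can regenerate the tokens; a periodic key rotation with the old key discarded makes old pseudonyms unlinkable for good, which is the point at which the record counts as anonymous rather than pseudonymous.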