Are these things possible? Any idea of how? (GDPR compliance of Mautic)

Hi,
my client’s lawyer is asking me to implement a few things inside Mautic in order to abide by the GDPR laws here in Italy. I searched around but I cannot find a solution for these things. Can you help me find solutions (possibly free plugins)?

  • 2 Factor Authentication (it can be via Email, not necessarily via App or SMS)
  • user password expires every 90 days
  • encrypted DB (not just for the login information, but for everything else)
  • automatic way for the user to delete his data from our database (the same way autoresponders do with the unsubscribe button, but deleting completely the information from the DB without admin intervention)
  • a way to pseudonymize the contact information in case there’s a request for deletion (no idea what that means…)

Thank you :slight_smile:
Enrico

I’m not a lawyer, and I think some of the requests are not required by GDPR (I also understand this is not the question.)

However:

Is a real requirement to be fully GDPR compliant. I have been searching for a solution for half a year now, and might even put a bounty for it if someone can make a good plugin.

This:

a way to pseudonymize the contact information in case there’s a request for deletion

Means that, let’s say, you save customer data in Mautic after purchase. Some data has to be kept for taxation reasons, but the user requested deletion. In this case you’d pseud… the data to make sure you are dealing in accordance with the GDPR and also the TAX law in that certain country. (Depends on your country.)

J

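The pseudonymization described in the reply above, as an added example that is not part of the thread and is not Mautic code: identifying fields are replaced with keyed HMAC tokens, fields that must be retained (for example for tax records) are kept, and everything else is dropped. The field names, the sample contact and the key are assumptions constructed for illustration; a real Mautic contact schema will differ.

```python
import hashlib
import hmac

# Hypothetical field names (assumption, not Mautic's schema).
IDENTIFYING = ("email", "firstname", "lastname", "phone")
RETAINED = ("invoice_no", "invoice_total", "country")  # e.g. needed for tax records


def pseudonym(value: str, key: bytes, field: str) -> str:
    """Deterministic keyed token: the same input gives the same token,
    and it cannot be recomputed or brute-forced without the key."""
    normalized = value.strip().lower().encode("utf-8")
    # The field name is mixed in so equal values in different fields
    # do not produce equal tokens.
    mac = hmac.new(key, field.encode("utf-8") + b"\x00" + normalized, hashlib.sha256)
    return "pseudo-" + mac.hexdigest()[:24]


def pseudonymize_contact(contact: dict, key: bytes) -> dict:
    """Return a copy of the contact that is safe to keep after a deletion request."""
    out = {}
    for field, value in contact.items():
        if field in RETAINED:
            out[field] = value                      # kept as-is
        elif field in IDENTIFYING and value:
            out[field] = pseudonym(str(value), key, field)
        # Any other field (notes, IP addresses, tracking data) is dropped.
    return out


# Constructed sample data, not taken from any real system.
KEY = b"constructed-demo-key-store-the-real-one-outside-the-db"
SAMPLE = {
    "email": "mario.rossi@example.com",
    "firstname": "Mario",
    "lastname": "Rossi",
    "phone": "",
    "last_ip": "203.0.113.7",
    "invoice_no": "2024-0042",
    "invoice_total": "120.00",
    "country": "IT",
}

if __name__ == "__main__":
    for k, v in pseudonymize_contact(SAMPLE, KEY).items():
        print(f"{k}: {v}")
```

Whoever holds the key can still link a token back to a known e-mail address by recomputing it, so the key has to be stored separately from the database and access to it restricted.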

Thank you @joeyk for your kind reply and for the explanation :slight_smile:

I agree with you: some of the things sound too “extreme” to be imposed by GDPR (in fact, I think the lawyer I talked to is not exactly specialized in this… which should be worrying for my client :rofl: ). Plus I haven’t seen them used on similar businesses.

These things, however, will be useful for my client and, I’m sure, many other big operations like this one.

This is why I’m seriously considering the idea of having someone develop all these things in the next few months. Seems weird, however, that Mautic doesn’t have these features ready :no_mouth:

Well said.
I am actively searching for an option to encrypt all data and pseudonymize deleted data.
For me it is clear that it will be needed in the GDPR-affected countries sooner or later, and I would like to offer it to our Mautic customers sooner rather than later.
There are many initiatives in Mautic right now, I’m not sure we can push one more through.

If anyone is interested in cooperating, drop a line here in this thread.

Joey