Are these things possible? Any idea of how? (GDPR compliance of Mautic)

Hi,
my client’s lawyer is asking me to implement a few things inside Mautic in order to abide by the GDPR laws here in Italy. I searched around but I cannot find a solution for these things. Can you help me find solutions (possibly free plugins)?

  • 2 Factor Authentication (it can be via Email, not necessarily via App or SMS)
  • user password expires every 90 days
  • encrypted DB (not just for the login information, but for everything else)
  • automatic way for the user to delete his data from our database (the same way autoresponders do with the unsubscribe button, but deleting completely the information from the DB without admin intervention)
  • a way to pseudonymize the contact information in case there’s a request for deletion (no idea what that means…)

Thank you :slight_smile:
Enrico

I’m not a lawyer, and I think some of the requests are not required by GDPR (I also understand this is not the question.)

However:

Is a real requirement to be fully GDPR compliant. I have been searching for a solution for half year now, and might even put a bounty for it if someone can make a good plugin.

This:

a way to pseudonymize the contact information in case there’s a request for deletion

Means, that let’s say you save customer data in Mautic after purchase. Some data has to be kept for taxation reasons, but the user requested deletion. In this case you’d pseud… the data to make sure you are dealing in accordance with the GDPR and also the TAX law in that certain country. (Depends on your country.)

J

1 Like

Thank you @joeyk for your kind reply and for the explanation :slight_smile:

I agree with you: some of the things sound too “extreme” to be imposed by GDPR (in fact, I think the lawyer I talked to is not exactly specialized in this… which should be worrying for my client :rofl: ). Plus I haven’t seen them used on similar businesses.

These things, however, will be useful for my client and, I’m sure, many other big operations like this one.

This is why I’m seriously considering the idea of having someone develop all these things in the next few months. Seems weird, however, that Mautic doesn’t have these features ready :no_mouth:

Well said.
I am actively searching for an option to encrypt all data and pseudonymize deleted data.
For me it is clear that it will be needed in the GDPR-affected countries sooner or later, and I would like to offer it to our Mautic customers sooner rather than later.
There are many initiatives in Mautic right now, I’m not sure we can push one more through.

If anyone is interested in cooperating, drop a line here in this thread.

Joey

We are facing a similar problem right now. Unfortunately, the contacts would have to be deleted under data protection law. If the contacts are deleted, they are no longer displayed in the Mautic statistics. We had thought about creating a campaign, where the contact information is updated for contacts who are logged out of the segment with “do not contact”, so that the personal values (mail, first and last name) are replaced by default. Consequently, we would then have many contacts with the same name. Nevertheless, the tracking would not be lost. However, we are unsure if this is the best solution. What do you think about our solution or does anyone have a better way to solve the problem? Thank you for your support :slight_smile:

1 Like

Check this:

Regarding the deletion of user data:

I would like to add one possibility for free:
You can use our doi plugin for mautic in the newest version.

You can find it under:

In the newest release you get the feature to update lead fields after doi with other lead fields
OR use a set of specific tokens the plugin provides ( {tokenid}, {doi_ip}, {doi_timestamp} ).

For the use case you describe you would configure the plugin in a way that AFTER a successful “doi” you
overwrite the lead fields with the content of {tokenid} (which is a cryptographically safe random string)

for example like this:

Config Option:
Update Lead Fields after successfull DOI

Value:

email={tokenid},firstname={tokenid},lastname={tokenid}

This would allow a workflow like this:

  • A user would request deletion of his data via mautic form
  • the mautic form uses our doi plugin to send a doi email
  • after the user clicks the doi confirmation link (= proof that he owns the data)
    the plugin would overwrite the important lead fields with random strings

But there are still two things left to do:

  1. This would leave the audit_log entries and the form_submissions entries

Both tables could identify the original lead or contain sensitive user data.

From my point of view you could solve this case if you write a specific keyword in one lead field
and then delete via cronjob and sql statement every entry in these tables with this keyword.

Assuming that you have a custom lead field with name anonymization and it got the value = 1 ( if you want to delete the entries)

it would be something like this to run regularly via cron job:

php bin/console doctrine:query:sql 'DELETE form_submissions from form_submissions join leads on leads.id=form_submissions.lead_id where leads.anonymization=1;'

php bin/console doctrine:query:sql "DELETE audit_log FROM audit_log JOIN leads on audit_log.object_id = leads.id and audit_log.object = 'lead' where leads.anonymization=1;"

This would run these queries to delete the entries in audit_log and form_submissions:

DELETE form_submissions from form_submissions 
	join leads on leads.id=form_submissions.lead_id 
	where leads.anonymization=1;
	

DELETE audit_log FROM audit_log 
	JOIN leads on audit_log.object_id = leads.id and audit_log.object = 'lead'
	where leads.anonymization=1;

and you need to config the doi action like this:

Config Option:
Update Lead Fields after successfull DOI

Value:
email={tokenid},firstname={tokenid},lastname={tokenid},anonymization=1

  2. You need to enable Mautic's IP anonymization

Regarding the gdpr cleanup things I would like to cross reference this thread:

https://forum.mautic.org/t/mautic-database-is-huge-can-i-manually-delete-old-records/22646/29

This also describes how to delete old data from the mautic database
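
The pseudonymize-then-purge workflow from the post above, as an added example (not the plugin's or Mautic's own code): it runs on Python's sqlite3 with constructed, simplified tables, so the two DELETE ... JOIN statements are written in the portable subquery form, and it adds a check for leftover personal data. Columns beyond those named in the post, the sample rows and all function names are assumptions.

```python
import secrets
import sqlite3

# Constructed, simplified stand-ins for Mautic's leads, form_submissions and
# audit_log tables (assumption: the real schemas have many more columns).
SCHEMA = """
CREATE TABLE leads (id INTEGER PRIMARY KEY, email TEXT, firstname TEXT,
                    lastname TEXT, anonymization INTEGER DEFAULT 0);
CREATE TABLE form_submissions (id INTEGER PRIMARY KEY, lead_id INTEGER, referer TEXT);
CREATE TABLE audit_log (id INTEGER PRIMARY KEY, object TEXT, object_id INTEGER,
                        details TEXT);
"""

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO leads (id, email, firstname, lastname) VALUES (?,?,?,?)",
                   [(1, "anna@example.com", "Anna", "Rossi"),
                    (2, "marco@example.com", "Marco", "Bianchi")])
    db.executemany("INSERT INTO form_submissions (lead_id, referer) VALUES (?,?)",
                   [(1, "/newsletter"), (2, "/newsletter")])
    db.executemany("INSERT INTO audit_log (object, object_id, details) VALUES (?,?,?)",
                   [("lead", 1, "email: anna@example.com"),
                    ("lead", 2, "email: marco@example.com"),
                    ("form", 1, "form edited")])  # same id, different object type
    return db

def pseudonymize(db, lead_id):
    """Overwrite identifying fields with one random token and flag the lead."""
    token = secrets.token_hex(16)  # plays the role of the plugin's {tokenid}
    db.execute("UPDATE leads SET email=?, firstname=?, lastname=?, anonymization=1 "
               "WHERE id=?", (token, token, token, lead_id))
    return token

def purge_flagged(db):
    """Cron step: drop rows that still point at flagged leads, atomically."""
    with db:  # one transaction: both deletes commit, or neither does
        subs = db.execute("DELETE FROM form_submissions WHERE lead_id IN "
                          "(SELECT id FROM leads WHERE anonymization=1)").rowcount
        logs = db.execute("DELETE FROM audit_log WHERE object='lead' AND object_id IN "
                          "(SELECT id FROM leads WHERE anonymization=1)").rowcount
    return subs, logs

def residual_hits(db, needle):
    """Verification: count rows in leads or audit_log that still hold needle."""
    q = ("SELECT (SELECT COUNT(*) FROM leads WHERE email=? OR firstname=? OR lastname=?)"
         " + (SELECT COUNT(*) FROM audit_log WHERE details LIKE '%' || ? || '%')")
    return db.execute(q, (needle, needle, needle, needle)).fetchone()[0]
```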