There is a new EU law called General Data Protection Regulation (Short, GDPR) that impacts how Blesta may need to handle customer data. See https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/ for the official legislation.

In short, it addresses how we store and use customer data. From what I've seen so far in how this may impact Blesta:

• Customers have to consent to their data being stored (possibly an option during checkout?)
• Customers may request to have their information deleted (personal data, emails, tickets, but may retain transaction, and invoice data for financial reasons)
• Customers should be able to address inaccuracies with their data (customers can update their information currently, so may be fine there)
• Customers should be able to opt out of direct marketing (possibly an option in client area + checkout? Custom client field suffice? Actually, it seems like maybe direct marketing must be opt-in, not opt out.. another option when creating an account?)
• Customer data portability, should be able to request a machine readable format of their data (CSV or json format for example) Should include IP addresses for the customer we may have logged See CORE-2672
• Language upon registration/signup/order detailing what information is collected and how it is used and how long it is stored. (could be a text area that each company could fill out as their GDPR statement)
• And? Must research to see what else the EU puppet masters have required.

The deadline for GDPR seems to be May 28, 2018

Consider location based decisions on whether GDPR features are enabled. For example, some companies may only want to enable for EU countries. This can be done via GeoIP and/or provided country.

More at https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Settings

Defer this option. The only setting for now will be CORE-2674. This setting will be useful later when adding a method for clients to request through the interface data portability, or account deletion.

Add a new section under Settings > Company > General > GDPR
[ ] Enable GDPR ? (tooltip)

Unchecked by default. If checked, display several other options that define how it will work. (more to come)

Who does it apply to?
Everyone ( ) Clients only in countries I select below

Client Interface

Defer this option. Clients can make a request for their data manually by contacting the company by whatever other means possible. We can add a place in the Client interface in a future release.

Clients must be able to request a copy of their data (Right to data), and request that their data be erased (Right to erasure), but only if GDPR is enabled, and the client is within an applicable country. Though, it would be possible for a client to change their country, and then erase their data to get around this. Requests for data or erasure must be processed within 30 days, and these requests would not happen immediately but would be queued for staff to process.

Staff Interface

Defer this option. Staff can accept and process requests outside of the interface. Per CORE-2672, staff with access to reports can generate a JSON file for portability, and provide this to the customer by whatever means they see fit.

Staff need a section (ACL controlled) that allow client requests for data, or erasure to be queued and processed.

Consent

As part of the country and GDPR settings mentioned above, we considered adding an unchecked checkbox to the order form that the user must check to give their consent in collecting their data. While we should still add this option along with those settings in the future, it appears that since there is a lawful basis in collecting the data (to provide the service being ordered), specific consent may not be required.

Mass Mailer

The Mass mailer plugin will need to be updated to observe opt-in or opt-out requests, but should be able to be overridden for cases where the email is not marketing in nature. This should be created as a sub-task.

[x] Skip clients that do not wish to receive marketing emails

See sub-task CORE-2673

Automation

An automation task should delete (or replace) client data where a client has been inactive for a defined period of time. The client should have no open invoices, recurring invoices or services. See subtask CORE-2671