it is not a problem of this great plugin but does someone know how can get this data. I do have the data explorer but I do not know the structure of all database tables and in which tables I would have to look for the data and which ones I would have to join in order to get this data.
See the earlier post, I think:
no these site settings were already enabled and that is the data I do already have.
But that does not include the administrative records , as Angus has written above:
And now I am looking how I could extract these administrative records.
Hmm, I thought that was the meaning of extended - itās everything practically exportable.
Yes, thatās right. Unfortunately, thereās not a straightforward answer to this question. This is why those records are not included, as explained above. Note, in particular
That said, to gather additional records containing ther userās user id, you can use this approach.
-
Install the data explorer plugin
-
Create a new query (perhaps call it āAdditional User Records (GDPR)ā)
-
Do a search for āuser_idā in the schema explorer on the right to see which database tables include a user_id in them. Youāll see that a number of them are already included (see list in OP + āuser activityā as mentioned in my second post).
-
Determine the
user_idof the user in question (you can find it at/u/username.json) -
For each additional table you want to include, construct a query that extracts the rows where the
user_idmatches the relevant id. e.g.select * from [table_name] where user_id = [user_id]
I suggest you review each of these āadditionalā tables on their own merits, rather than just attempting to download every single record that contains the userās id.
The records may contain other information, relevant to other users with counterveiling interests, or may be senstive in some other way. Unfortunately thereās no single answer to the question of āscopeā here. Youāll need to make that call based on how you read your specific mixture of responsibiities. The GDPR is not the only relevant responsibility here. You shouldnāt just hand over every single record that contains a userās id.
Iām actually a little unclear whatās driving the interest in these additional records? Is this something the user has asked for, i.e. beyond whatās already included? If they havenāt whatās motivating this? A different interpretation of your responsibilities under the GDPR than what Iāve laid out above? If so Iād be curious to learn more and the legal reasoning behind it (I may want to consider assimilating the reasoning into this plugin).
2 Likes
yes but of course we are not williing to give him all these information. Especially if the records do have also data from other users. We just want to be prepared to have these additional information if really needed. We will most probably not provide these information to this user but we might have to give information to the authorities because we expect that the user will address it to the authorities.
Our new data protection officer also told us that we should at least not yet provide the administrative records.
1 Like
I see.
If your data protection officer decides that additional records are needed, and has some tables in mind, I would be happy to provide a more specific sql query to help you out. For the reasons I mentioned, I donāt want to nominate specific additional tables to be provided as a general piece of advice outside of the context of a case.
But if you need something specific as this case progresses, Iād be happy to help you out pro bono, as that is in the spirit of this plugin, i.e. to make it easier for Discourse communities to navigate the GDPR. If that happens, and you have specific tables in mind, and youāre in need of assistance with the SQL query, PM me here on meta.
In short, Iām happy to provide some ad-hoc technical (non-legal) assistance to Discourse communities in response to specific cases under the GDPR, but Iām conscious of not setting general standards beyond the scope of what is reasonable for the majority of cases. If there is a legal argument of that sort that the scope of the plugin should be expanded, Iām open to it.
4 Likes
well our data protection officer told me that there is at least currently no need to extract additional administrative data. Thanks a lot for your help and if needed I would get back to you.
3 Likes
This plugin is great!
Handling GDPR subject access requests is a pain, a total time drain, and this helps cover all of that with much more confidence. Thank you.
Are there any plans to add more features? Particularly Iām struggling with data retention and minimisation principals. Specifically Iām interested in minimising āadministrative recordsā - whispers and posts in team areas which could contain notes on IP addresses and other personally identifying data that needs sifting and searching by hand. Five years on thereās too much to audit, and little value in the old messages so I want / need to permanently delete them. Iād actually like to have just a 6 month retention policy on such messages and whispers.
So I can select and delete stuff using rake, but itās just marked deleted and still all there in the database 
Iāve therefore been thinking about an āobliteratorā plug-in that would either change the raw and cooked text of deleted posts to something like āthis message has been obliteratedā, or (preferably) unpick and remove the posts entirely. Having never written ruby or a plug-in, Iām not at an ideal starting position, though could potentially just write some SQL to run against the db directly, then use rake to rebuild the search indexes afterwards.
@angus - I did wonder if in your legal considerations you had any thoughts on the data retention aspects of GDPR, and how you handle it?
1 Like
Interesting!
Yes, Iām open to adding a feature for that. Iāll have to consider it in some more depth after doing a bit more research.
Could you please a detailed feature request (select āLegal Toolsā at the plugin step) laying out all the relevant details of your use case and any other research youāve collected, Iāll then follow up and engage after doing a bit of background.
2 Likes