it is not a problem of this great plugin but does someone know how can get this data. I do have the data explorer but I do not know the structure of all database tables and in which tables I would have to look for the data and which ones I would have to join in order to get this data.
See the earlier post, I think:
no these site settings were already enabled and that is the data I do already have.
But that does not include the administrative records , as Angus has written above:
And now I am looking how I could extract these administrative records.
Hmm, I thought that was the meaning of extended - itâs everything practically exportable.
Yes, thatâs right. Unfortunately, thereâs not a straightforward answer to this question. This is why those records are not included, as explained above. Note, in particular
That said, to gather additional records containing ther userâs user id, you can use this approach.
-
Install the data explorer plugin
-
Create a new query (perhaps call it âAdditional User Records (GDPR)â)
-
Do a search for âuser_idâ in the schema explorer on the right to see which database tables include a user_id in them. Youâll see that a number of them are already included (see list in OP + âuser activityâ as mentioned in my second post).
-
Determine the
user_id
of the user in question (you can find it at/u/username.json
) -
For each additional table you want to include, construct a query that extracts the rows where the
user_id
matches the relevant id. e.g.select * from [table_name] where user_id = [user_id]
I suggest you review each of these âadditionalâ tables on their own merits, rather than just attempting to download every single record that contains the userâs id.
The records may contain other information, relevant to other users with counterveiling interests, or may be senstive in some other way. Unfortunately thereâs no single answer to the question of âscopeâ here. Youâll need to make that call based on how you read your specific mixture of responsibiities. The GDPR is not the only relevant responsibility here. You shouldnât just hand over every single record that contains a userâs id.
Iâm actually a little unclear whatâs driving the interest in these additional records? Is this something the user has asked for, i.e. beyond whatâs already included? If they havenât whatâs motivating this? A different interpretation of your responsibilities under the GDPR than what Iâve laid out above? If so Iâd be curious to learn more and the legal reasoning behind it (I may want to consider assimilating the reasoning into this plugin).
yes but of course we are not williing to give him all these information. Especially if the records do have also data from other users. We just want to be prepared to have these additional information if really needed. We will most probably not provide these information to this user but we might have to give information to the authorities because we expect that the user will address it to the authorities.
Our new data protection officer also told us that we should at least not yet provide the administrative records.