https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819 --- Comment #15 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Jon Knight from comment #14)
Do we need to keep a copy of the template in use during the consent in the database along with the borrower ID and date? The UK ICO page on consenting seems to say we do:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection- regulation-gdpr/consent/how-should-we-obtain-record-and-manage-consent/
(second example).
Thx for your interest in this patch. The link says: === If consent was given online, your records should include the data submitted as well as a timestamp to link it to the relevant version of the data capture form. You keep records that include an ID and the data submitted online together with a timestamp. You also keep a copy of the version of the data-capture form and any other relevant documents in use at that date. === This patch registers the borrower ID and the timestamp of consent given. What each library should keep somehow (not described), is: a version history of the template, esp. the exact text for the consent and a history of the referenced privacy page text. In that way you can 'prove' that the user gave consent for a specific version of template and privacy page. (Note: the privacy page is only specified in this patch by a preference called PrivacyPolicyURL. The library itself should create that local page.) I am no legal expert, but I can't imagine that we need to save these texts at an individual consent level. Hope this is clear enough? -- You are receiving this mail because: You are watching all bug changes.