[Koha-bugs] [Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #15 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Jon Knight from comment #14)
> Do we need to keep a copy of the template in use during the consent in the
> database along with the borrower ID and date?  The UK ICO page on consenting
> seems to say we do:
> 
> https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-
> regulation-gdpr/consent/how-should-we-obtain-record-and-manage-consent/
> 
> (second example).

Thx for your interest in this patch.

The link says:
===
If consent was given online, your records should include the data submitted as
well as a timestamp to link it to the relevant version of the data capture
form.
You keep records that include an ID and the data submitted online together with
a timestamp. You also keep a copy of the version of the data-capture form and
any other relevant documents in use at that date.
===

This patch registers the borrower ID and the timestamp of consent given. What
each library should keep somehow (not described), is: a version history of the
template, esp. the exact text for the consent and a history of the referenced
privacy page text. In that way you can 'prove' that the user gave consent for a
specific version of template and privacy page.
(Note: the privacy page is only specified in this patch by a preference called
PrivacyPolicyURL. The library itself should create that local page.)

I am no legal expert, but I can't imagine that we need to save these texts at
an individual consent level.
Hope this is clear enough?

-- 
You are receiving this mail because:
You are watching all bug changes.