DMPRoadmap
Create an automated user account deletion workflow
Following GDPR, we've received several requests to delete user accounts. Currently, we delete them from the live service and manual intervention is needed to ensure the user is also deleted from back-ups. (adding user id to a file to be stored with the backups to check that the next synchronisation will remove the account also there)
@raycarrick-ed suggested that this could be automated and configurable, so if wanted, deleting an account on the live system could trigger writing the id into a file stored with the backups.
Adding today's slack conversation: User suggestion: I would like to suggest adding a function to the 'edit profile' page that would enable users to delete their account (to enable users to exercise their right to data erasure). In addition, it would be nice that next to the 'delete my account' option, a 'download my data' option would also be created to implement the right of data access and data portability.
Our concern: The delete account option has been discussed a few times. The main problem is the consistency of the data remaining. By removing the user, his /hers plans or templates can become broken. Regarding the download of data users can download each plan, I guess it wouldn’t be a problem to check how many plans were there and to download them together. Also, since we're also starting to discuss versioning and we are minting DMP IDs (aka DOIs) for DMPs, we also need to consider what becomes of historical versions of a plan and what becomes of a publicly visible plan or a plan with a DOI if the user wants to delete their account. A DOI is a persistent identifier, if a user wants to remove their account is it correct to un-persist the DOI?
