It seems that this Issue “To make ERPNext for GDPR ready” already has the needed things listed.
Note that in the EU market, if a company is not complying with the GDPR, it can get enormous fines, 4% of the company turnover and even up to 20 million euro (about 22,8 million dollars). That’s why this is extremely important. We have also listed this in the bounty of correcting the webstore / shopping cart flow that we made today.
Possibly, but not an excuse. It is not about the cloud users, but the information the cloud users put on the system. Even if there are NO companies using the cloud version that are EU based, if even one of those companies puts one customer on that system with EU residency, then ERPNext must be GDPR compliant.
Last year, we had a meeting in Germany with our IT-lawyer and Frame. We gave @Basawaraj_Savalagi & @Ketan all information necessary to become GDPR ready. We also emphasized the importance of this topic for the EU market and the risks (e.g. fees) of not being compliant.
In this app we created some DocTypes for structured documentation of the data you collect, including data categories, purpose of collecting, and storage duration. However, this was just an experiment. As far as I know, it’s not used in production anywhere. It was developed on v11, if I remember correctly.
Anyone is welcome to port it to newer versions, continue development, or hire us to do it.
With regard to GDPR, one technique is to place an Anonymize checkbox in the DocType definition. For those fields with Anonymize checked, the reports and lists may show asterisks instead of the actual data. For permissions, you may have a permission level like GDPR or privacy-access which will show the actual data for those with this authority level.
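
A sketch of the masking technique described in the post above, added here as an example; it is not part of any post and not ERPNext or Frappe code. `FieldDef`, `render_rows` and the level name `privacy-access` are hypothetical, and the sample rows are constructed.

```python
from dataclasses import dataclass

MASK = "*****"                    # fixed length, so the mask does not leak value length
PRIVACY_LEVEL = "privacy-access"  # hypothetical permission level name from the post

@dataclass(frozen=True)
class FieldDef:
    fieldname: str
    anonymize: bool = False       # the proposed Anonymize checkbox on the field

def render_rows(fields, rows, user_levels):
    """Return copies of list/report rows with flagged fields masked.

    Runs server-side, before rows are serialized, so the real values
    never reach a client that lacks PRIVACY_LEVEL.
    """
    if PRIVACY_LEVEL in user_levels:
        return [dict(row) for row in rows]
    known = {f.fieldname for f in fields}
    flagged = {f.fieldname for f in fields if f.anonymize}
    out = []
    for row in rows:
        shown = {}
        for key, value in row.items():
            # Fail closed: a column with no field definition is masked too.
            hide = key in flagged or key not in known
            # Empty values stay empty so reports do not suggest data exists.
            shown[key] = MASK if hide and value not in (None, "") else value
        out.append(shown)
    return out

# Constructed sample metadata and data.
FIELDS = [
    FieldDef("name"),
    FieldDef("territory"),
    FieldDef("email", anonymize=True),
    FieldDef("phone", anonymize=True),
]
SAMPLE_ROWS = [
    {"name": "CUST-0001", "territory": "Germany",
     "email": "a.person@example.com", "phone": "+49 30 0000000"},
    {"name": "CUST-0002", "territory": "France",
     "email": "b.person@example.com", "phone": None, "tax_id": "FR00000000000"},
]

if __name__ == "__main__":
    for r in render_rows(FIELDS, SAMPLE_ROWS, {"sales-user"}):
        print(r)
```

Masking only changes what lists and reports display; exports, API responses and search need the same check, or the unmasked values remain reachable by other routes.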