Is ERPNext GDPR-Ready?

It seems that this Issue “To make ERPNext for GDPR ready” has already the needed things listed.

Notify, that in EU market if a company is not complying the GDPR it can get enormous fines, 4% of the company turnover and even up to 20 million euro (about 22,8 million dollars). That’s why this is extremely important. We have also listed this in the bounty of correcting the webstore / shopping cart flow that we made today.

1 Like

This is really dissapointing that it has not been implemented yet. We are all not in compliance with GDPR and now risk massive fines

This from May 2018

Thanks for the resource and advice. We agree with your suggestion to consult a legal entity over this.

Regards,
Prateeksha Singh

Good that this has been put back on the agenda…I have little insight in the number of paying (Frappe Cloud) customers from the EU…That may explain the sluggish adaptation…

This looks like a great list. Speaking for @Steve_Simonson, we are anxious to see this get developed. I will look for an outside resource that could let us know if we are missing anything.

1 Like

Possibly, but not an excuse. It is not about the cloud users, but the information the cloud users put on the system. Even if there are NO companies using the cloud version that are EU based, if even one of those companies put one customer on that system with EU residency then ERPNExt must be GDPR compliant.

1 Like

This is true. This is actually crucial for ERPNext. The EU authorities may come after ERPNext as well. The easiest solution of course is to get asap e.g. a selection box for a webstore client “I have read the terms and privacy policy” and then all webstore owners can make their own privacy policies by themselves. But of course we are not only talking about webstores here.

Related to this GDPR question, what comes to generally for shopping cart and checkout in which also this GDPR should be taken care of, we have formed a group to develop matters forward.

You are welcome to join / follow:

Last year, we had a meeting in Germany with our IT-lawyer and Frame. We gave @Basawaraj_Savalagi & @Ketan all information necessary to become GDPR ready. We also emphasized the importance of this topic for the EU market and the risks (e.g. fees) of not being compliant.

1 Like

Hi @Mario_Truss, could you please share these informations in this forum ?

Has anyone managed to implement GDPR functionality? We are wanting to include cookies consent to be GDPR compliant at the moment.

Also have concerns regarding the way customer information is stored on ERP.

In addition to this I’ve actually just realised that the Frappe website doesn’t ask for consent…

Looks like @rmeyer was part of a team that built this

Could you kindly fill us in on the status of the project and whether v13 is supported.

TIA!

Hi @adam26d,

in this app we created some DocTypes for structured documentation of the data you collect, including data categories, purpose of collecting, and storage duration. However this was just an experiment. As far as i know it’s not used in production anywhere. It was developed on v11, if I remember correctly.

Anyone is welcome to port it to newer versions, continue development, or hire us to do it.

GDPR compliance such as Personal Data Download & Personal Data Deletions are now available under frappe app please check below link for reference

https://docs.erpnext.com/docs/v13/user/manual/en/setting-up/personal-data-download

https://docs.erpnext.com/docs/v13/user/manual/en/setting-up/personal-data-deletion

With regards to GDPR, one technique is to place an Anonymize checkbox to the DocType definition. For those fields with checked Anonymize, the reports and lists may show asterisks instead of the actual data. For permissions, you may have a permission level like GDPR or privacy-access which will show the actual data for those with this authority level.

How to delete user? Everything you need to know about the "Right to be forgotten" - GDPR.eu

Any workaround for this?

1 Like

An idea for deleting a user is to rename it with random strings like deleted_01 in all personal fields.

Thoughts?

1 Like

Does anyone here know what is missing from Frappe/ERPNext to be fully GDPR compliant?

I’m looking for a cookie consent feature for ERPNext. It’s mandatory to have consent of the user to install cookie. How can I manage this consent on ERPNext ?

1 Like

Cookie bar possible? - ERPNext / Customize ERPNext - ERPNext Forum

This was a previous discussion about implementing a cookie bar on the frontend website.

1 Like