It seems that this Issue “To make ERPNext for GDPR ready” already has the needed things listed.
Note that in the EU market, if a company is not complying with the GDPR, it can get enormous fines: 4% of the company turnover and even up to 20 million euro (about 22.8 million dollars). That’s why this is extremely important. We have also listed this in the bounty for correcting the webstore / shopping cart flow that we made today.
Good that this has been put back on the agenda… I have little insight into the number of paying (Frappe Cloud) customers from the EU… That may explain the sluggish adaptation…
This looks like a great list. Speaking for @Steve_Simonson, we are anxious to see this get developed. I will look for an outside resource that could let us know if we are missing anything.
Possibly, but not an excuse. It is not about the cloud users, but the information the cloud users put on the system. Even if there are NO companies using the cloud version that are EU based, if even one of those companies puts one customer on that system with EU residency then ERPNext must be GDPR compliant.
This is true. This is actually crucial for ERPNext. The EU authorities may come after ERPNext as well. The easiest solution of course is to get, asap, e.g. a selection box for a webstore client, “I have read the terms and privacy policy”, and then all webstore owners can make their own privacy policies by themselves. But of course we are not only talking about webstores here.
Related to this GDPR question, and to the shopping cart and checkout in general, in which this GDPR should also be taken care of, we have formed a group to move matters forward.
Last year, we had a meeting in Germany with our IT-lawyer and Frame. We gave @Basawaraj_Savalagi & @Ketan all information necessary to become GDPR ready. We also emphasized the importance of this topic for the EU market and the risks (e.g. fees) of not being compliant.
In this app we created some DocTypes for structured documentation of the data you collect, including data categories, purpose of collecting, and storage duration. However, this was just an experiment. As far as I know it’s not used in production anywhere. It was developed on v11, if I remember correctly.
Anyone is welcome to port it to newer versions, continue development, or hire us to do it.
With regards to GDPR, one technique is to place an Anonymize checkbox in the DocType definition. For those fields with Anonymize checked, the reports and lists may show asterisks instead of the actual data. For permissions, you may have a permission level like GDPR or privacy-access which will show the actual data to those with this authority level.
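As an added illustration of the masking technique described in the post above (this is example code written for this thread, not ERPNext or Frappe code), the block below drives asterisk masking from a DocType-style field definition. The `anonymize` field property, the `CUSTOMER_META` definition and the `GDPR` role name are all constructed assumptions; Frappe has no such field property out of the box. It also covers a point the post does not: masking only the displayed value is not enough if list views still let the same user filter or sort on the protected column, because a filter such as `email_id like "a%"` recovers the data one character at a time, so filters on protected fields are rejected for users without the privacy role.

```python
"""Field-level masking driven by a DocType-style definition (constructed example)."""
from typing import Any, Dict, Iterable, List, Set

MASK = "********"

# Role assumed to grant access to unmasked personal data (assumption from the post).
PRIVACY_ROLE = "GDPR"

# Constructed DocType definition. The "anonymize" flag is hypothetical and
# stands in for the Anonymize checkbox proposed in the post.
CUSTOMER_META: Dict[str, Any] = {
    "name": "Customer",
    "fields": [
        {"fieldname": "customer_name", "fieldtype": "Data", "anonymize": 1},
        {"fieldname": "email_id", "fieldtype": "Data", "anonymize": 1},
        {"fieldname": "customer_group", "fieldtype": "Link", "anonymize": 0},
        {"fieldname": "territory", "fieldtype": "Link", "anonymize": 0},
    ],
}


def protected_fieldnames(meta: Dict[str, Any]) -> Set[str]:
    """Return the fieldnames whose Anonymize flag is set in the definition."""
    return {f["fieldname"] for f in meta["fields"] if f.get("anonymize")}


def mask_value(value: Any) -> Any:
    """Replace a value with asterisks; keep None/empty so 'no data' is still visible."""
    if value in (None, ""):
        return value
    return MASK


def mask_record(meta: Dict[str, Any], record: Dict[str, Any], user_roles: Iterable[str]) -> Dict[str, Any]:
    """Return a copy of one row with protected fields masked unless the user holds PRIVACY_ROLE."""
    if PRIVACY_ROLE in set(user_roles):
        return dict(record)
    protected = protected_fieldnames(meta)
    return {k: (mask_value(v) if k in protected else v) for k, v in record.items()}


def mask_report_rows(meta: Dict[str, Any], rows: Iterable[Dict[str, Any]], user_roles: Iterable[str]) -> List[Dict[str, Any]]:
    """Apply mask_record to every row of a report or list view."""
    roles = set(user_roles)
    return [mask_record(meta, r, roles) for r in rows]


def check_filters(meta: Dict[str, Any], filters: Dict[str, Any], user_roles: Iterable[str]) -> None:
    """Refuse filters on protected fields for users without the privacy role.

    Without this check a list view that shows asterisks still leaks the data
    through prefix filters ("like 'a%'") or sorting, one comparison at a time.
    """
    if PRIVACY_ROLE in set(user_roles):
        return
    blocked = protected_fieldnames(meta) & set(filters)
    if blocked:
        raise PermissionError(f"filtering on protected field(s) not allowed: {sorted(blocked)}")


if __name__ == "__main__":
    # Constructed sample rows, not real customer data.
    rows = [
        {"customer_name": "Alice Example", "email_id": "alice@example.test",
         "customer_group": "Commercial", "territory": "Finland"},
        {"customer_name": "", "email_id": None,
         "customer_group": "Individual", "territory": "Germany"},
    ]
    for row in mask_report_rows(CUSTOMER_META, rows, {"Sales User"}):
        print(row)
    for row in mask_report_rows(CUSTOMER_META, rows, {"Sales User", "GDPR"}):
        print(row)
```

The masking is done on the row dictionaries rather than inside a query, so the same helper can sit in front of a report, a list view or an API response; the filter check belongs wherever user-supplied filters are accepted, before the query runs.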
I’m looking for a cookie consent feature for ERPNext. It’s mandatory to have the consent of the user to install cookies. How can I manage this consent on ERPNext?