Self management of people data

Events Made Easy Forums Feature requests Self management of people data

Tagged: 

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #58661
    Jfranssen
    Participant

    Hi,

    I like the “GDPR request data” feature. My users are all used as ‘people’ and no WP users.

    Would it be possible to add on the GDPR person data page the possiblity for a user to also modify (some) of its data?

    Thanks in advance,

    J

    #58664
    Franky
    Keymaster

    That is not possible, as they are not registered people and so they can’t prove their identity. I’d need to start using passwords for that, and that’s over the top …
    Also the problem with self-service is that e.g. for members the info needs to be correct (address, phone, …) so for now it needs to be done manually.

    #58665
    Jfranssen
    Participant

    I thought that the nonce system for showing GDPR data should/could be sufficient to prove identity for ‘people’ who don’t have any additional mgt… but it’s just a thought of course 😉

    #58666
    Franky
    Keymaster

    The nonce system is never intended for extreme security … even WP says that. For temporary url access it is of course ok, but for changing of user info I don’t think it would be sufficient.
    But it goes beyond that in how to decide what can be changed, and how. Because not all info is added by the person in question too …

    #61501
    Franky
    Keymaster

    I’m going to think about this one again. Maybe using the nonce and the captcha … or a random id and add the end time for editing in the db too. But I would also need to indicate which fields are allowed for editing then (because fields can be used in the backend to add extra info/access based on groups etc …).
    But I agree people should be able to at least change basic info (name/email/address) for the fields not linked to a WP user.

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.