Self management of people data

[Jfranssen]

Hi,

I like the “GDPR request data” feature. My users are all used as ‘people’ and no WP users.

Would it be possible to add on the GDPR person data page the possiblity for a user to also modify (some) of its data?

Thanks in advance,

J

[Franky]

That is not possible, as they are not registered people and so they can’t prove their identity. I’d need to start using passwords for that, and that’s over the top …
Also the problem with self-service is that e.g. for members the info needs to be correct (address, phone, …) so for now it needs to be done manually.

[Jfranssen]

I thought that the nonce system for showing GDPR data should/could be sufficient to prove identity for ‘people’ who don’t have any additional mgt… but it’s just a thought of course 😉

[Franky]

The nonce system is never intended for extreme security … even WP says that. For temporary url access it is of course ok, but for changing of user info I don’t think it would be sufficient.
But it goes beyond that in how to decide what can be changed, and how. Because not all info is added by the person in question too …

[Franky]

I’m going to think about this one again. Maybe using the nonce and the captcha … or a random id and add the end time for editing in the db too. But I would also need to indicate which fields are allowed for editing then (because fields can be used in the backend to add extra info/access based on groups etc …).
But I agree people should be able to at least change basic info (name/email/address) for the fields not linked to a WP user.

[Author]

Posts