GDPR Package

Published 6 months ago by votemike

Does anyone know of any packages that deal with the upcoming GDPR regulations? Or would it be worth updating core Laravel to deal with these regulations (as the regulations apply to any business done in or with the EU)? I would imagine this would include things such as a checkbox when registering to agree to terms & conditions. Also some in-built way for a user to delete their account (right to be forgotten) and to anonymise any data linked to the user (such as an order linked to a user). There must also be a way for users to update their information, so a user-edit screen in core Laravel when the Auth is built would be useful. As well as that, users have the right to request ALL information stored about them.

Cronix
6 months ago (797,050 XP)

I doubt there would be a package for it as it would differ from use-case to use-case.

For deleting, just create a delete function that deletes all of their associated data.

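// $user->products is a Collection, so delete each product's invoices in turn
$user->products->each(function ($product) {
    $product->invoices()->delete();
});
$user->products()->delete();
$user->delete();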

etc.

Laravel already has a validation rule for a checkbox. https://laravel.com/docs/5.6/validation#rule-accepted

If you need encryption, you can create mutators/accessors for the fields that need it. An accessor (retrieving from the db) would decrypt the field; a mutator (when storing to the db) would encrypt it. https://laravel.com/docs/5.6/eloquent-mutators

The problem with encrypted fields though, is they wouldn't be searchable. Like if the email field was encrypted, you wouldn't be able to do "where email = '[email protected]'" since the actual value in the db is 23l;4rh;siyu3po4i5h or something.
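The search limitation described in the post above is commonly worked around with a blind index: a keyed hash of the plaintext stored beside the ciphertext and used for exact-match lookups. The model below is an added example, not code from the thread; the `email_index` column, the `byEmail` scope and the `services.blind_index.key` config entry are assumptions.

```php
<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

// Added example. Assumes a `users` table with `email` (text, holds ciphertext)
// and `email_index` (char(64), indexed) columns. The column names, the scope
// name and the config key are hypothetical.
class User extends Model
{
    // Mutator: encrypt on write and store a keyed hash beside the ciphertext.
    public function setEmailAttribute($value)
    {
        $this->attributes['email'] = encrypt($value);
        $this->attributes['email_index'] = static::blindIndex($value);
    }

    // Accessor: decrypt on read.
    public function getEmailAttribute($value)
    {
        return $value === null ? null : decrypt($value);
    }

    // Deterministic HMAC-SHA256 of the normalised address. The key should be
    // separate from APP_KEY so the index key cannot decrypt any field.
    public static function blindIndex($email)
    {
        $key = config('services.blind_index.key');
        if (empty($key)) {
            throw new \RuntimeException('Blind index key is not configured.');
        }

        return hash_hmac('sha256', mb_strtolower(trim($email)), $key);
    }

    // Query scope, used as: User::byEmail($address)->first()
    public function scopeByEmail($query, $email)
    {
        return $query->where('email_index', static::blindIndex($email));
    }
}
```

A blind index supports equality lookups only (no LIKE or range queries), and two rows with the same address produce the same index value, so it reveals which records share an email to anyone who can read the table.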

martinbean

@votemike You can’t wrap legislation up into a “package”.

The term “application” can be used in two contexts, as the legislation is applied to your web application, so it’s up to each developer as to how it’s handled.

Compliance with laws isn’t something you can just composer require.

Snapey
6 months ago (1,044,115 XP)

Similarly, the legislation does not dictate how you should comply. You have to take steps to make sure you comply, not just with your application but with all business processes.

Something else you said:

Also some in-built way for a user to delete their account

No, some way to deal with the user's request when they ask to be forgotten. Most will have so few requests it's not worth building functionality when they can deal with it on a case-by-case basis manually. Quite how you remember someone's wish to be forgotten is another matter!

votemike

I see, maybe a single package isn't appropriate. What about a package to zip up user information automatically? Are there any packages that can remove metadata (such as authors or GPS co-ordinates) from uploaded photos?
