How to comply with GDPR Right to Erasure Article 17
In accordance with the GDPR legislation, all data subjects have the right to erasure of personal data without undue delay (the right is not absolute and only applies in certain circumstances).
This is covered by the "Right to Erasure" and described in Article 17. In short, this means that any user can request that their personal data be deleted. This is also known as "the right to be forgotten".
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
Asset Metadata
Metadata in an asset might contain personal information.
- Metadata (XMP/IPTC)
- Exif
- "Uploaded by" for FotoWeb users
FotoWeb automatically adds personally identifiable data on upload, because files are automatically tagged with user data. The data recorded for each upload and automatically added to the metadata of a file is "Uploaded by" (Field ID 360), "Uploaded by full name" (Field ID 361) and "Upload time" (Field ID 362).
- History events for FotoStation users: History events are written to the file if History event logging is enabled (Field ID 231). For more information regarding the History event option, please see: https://learn.fotoware.com/03_FotoStation_8.0/05_Adding_metadata_to_assets/File_history
The easiest way to find this metadata is to search for, for example, the identifier of the data subject. If needed, FotoStation can make the task easier with "search and replace" on a collection of files.
FotoWeb User database (MongoDB):
MongoDB is the main FotoWeb database and, depending on use, it can contain personally identifiable data in the following collections:
- Registered user data
- Comments
- Albums
- Reset password
- Notifications
- Signup
- Invitations
- Orders
- Created by (Smart folders and Taxonomies)
- Bookmarks
- Exports
- Export presets
- Crop presets
- Memberships
- Background tasks
- Auth Device tokens
- Auth Upload tokens
How to delete personal data for single FotoWeb:
Deleting the user inside Operation Center removes the user along with any traceable personal data. The purge of user data has a 4-day threshold before content is removed from the database.
FotoWeb SQL database
The information registered in the SQL database for reporting purposes depends on the logging options set inside Site configuration, settings, logging. Note that searches are always logged. The following additional events can be logged, and may be turned off completely if not needed.
- Login
- Logout
- Delete
- Metadata edit
- Crop
- Upload
- Download
- Workflow
- View
- Asset details
- Place
The following fields are enabled by default: login, download, workflow.
SQL logs can be flushed automatically with a retention period as low as 1 day. Please see SQL configuration documentation:
https://learn.fotoware.com/02_FotoWeb_8.0/05_Configuring_sites/04_Configuring_the_site_database
Note: It should be taken into consideration that there could be a conflict between erasure of personal data and the need of keeping report data intact for a period of time. Ensure data consistency for the time of the report creation and then purge log and reports data as soon as data is no longer needed.
Webserver logging, FWEvents.log and Debug logs:
Log events might store user data such as login name and IP address, as well as more in-depth information if debug logging is enabled (debug logging should be enabled only for debugging purposes, and the logs deleted thereafter).
Even though logs may contain personal data, you may store personal data in your server logs for the limited and legitimate purpose of "preventing unauthorized access to electronic communications networks and malicious code distribution and stopping 'denial of service' attacks and damage to computer and electronic communication systems." To clarify, you can keep logs, but access to them should be restricted and they should be deleted as soon as the information is no longer needed.
FotoWeb logging can be set inside Operation Center and should be set to a minimum.
The current FWEvents.log is stored under "C:\ProgramData\FotoWare\Log Files". It contains log entries from midnight and the following 24 hours. Old logs are stored under "C:\ProgramData\FotoWare\Log Files\History", and if these are not needed, purging routines should be established to ensure no data is unnecessarily stored over time.
Inside FWEvents.log, the username could be logged depending on the log level, but deleting the user will also remove any identifiable data.
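One way to set up the purging routine and the restricted-access check for the log folders described above, as an added example (not FotoWare's own tooling). The 30-day retention period and the allow-list of principals are assumptions to adapt to your own policy; the principal names are the English-language Windows defaults.

```powershell
# Added example: retention purge for rotated FotoWeb logs plus an access review.
# Assumptions (not from FotoWare): 30-day retention, and that only SYSTEM and
# Administrators should hold access to the log folders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]  $LogRoot           = 'C:\ProgramData\FotoWare\Log Files',
    [int]     $RetentionDays     = 30,   # assumed value; set per your retention policy
    [string[]]$AllowedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

$historyDir = Join-Path $LogRoot 'History'
$cutoff     = (Get-Date).AddDays(-$RetentionDays)

if (-not (Test-Path -LiteralPath $historyDir -PathType Container)) {
    throw "History folder not found: $historyDir"
}

# 1. Purge rotated logs older than the retention period. The current
#    FWEvents.log lives in $LogRoot, not in History, so it is never touched.
$expired = Get-ChildItem -LiteralPath $historyDir -File -Recurse |
    Where-Object { $_.LastWriteTime -lt $cutoff }

foreach ($file in $expired) {
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete expired log')) {
        Remove-Item -LiteralPath $file.FullName -Force
    }
}
Write-Output ("Expired log files found: {0}" -f @($expired).Count)

# 2. Report every principal outside the allow-list that holds an Allow entry
#    on the log folders, so access can be tightened where needed.
foreach ($dir in $LogRoot, $historyDir) {
    (Get-Acl -LiteralPath $dir).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -notin $AllowedPrincipals
        } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $dir
                Principal = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
}
```

Run the script with `-WhatIf` first to list the files that would be deleted without removing them, then schedule it to run daily under an administrative account.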