Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GDPR Privacy Policy Acceptance Recording and Registry #2658

fpietrosanti opened this issue Jul 30, 2019 · 1 comment

GDPR Privacy Policy Acceptance Recording and Registry #2658

fpietrosanti opened this issue Jul 30, 2019 · 1 comment


Copy link

Current behavior
Following EAT legal GDPR compliance setup, it has been defined that for each Privacy Policy Acceptance, it shall be retained a registry keeping a trace of the acceptance of the policy, accordingly to those specification:

"It should be generated and kept (three years) a trace of acceptance of the Policy, with at least
the following data:
o Identification of the petitioner, in a proper way, unless it is an anonymous report or
o Date (day, month, year) and time (hour and minute) when the acceptance is provided.
o Text accepted, or at least the information to identify the text accepted, e.g. title and

The Registry shall be available for consultation by the admin and/or by a dedicated user representing the DPO of the organization, as a way to let any whistleblower to exercise their GDPR-related rights (data inquiry, data cancellation, etc), if requested.

The registry shall be subject to a dedicated data retention policy, different from the one of the whistleblowing reports.
For EAT project it has been defined:

  • 18 months for whistleblowing reports
  • 36 months for GDPR privacy policy acceptance
Copy link
Contributor Author

Ref #2145 #2143 #2144

@evilaliv3 evilaliv3 removed the X: EAT label Feb 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

2 participants