• If someone just submits the form to check if there is any comment made using his email address and there is no comment left on that email then the unique link page should state that
    1. there is no comment matching that email address
    2. the email address sent via the gdpr form was already deleted from the system

    The system should no longer list the request (even in the url_visited state), otherwise the table will just grow indefinitely with bogus requests that can never be removed.

    Another related question: if someone sends the request and never finds the incoming email (maybe it is filtered out by antispam rules) what happens? We can prove the email was sent if there are any complaints, but what if the user just does not care to continue the process?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Jimako

    (@jimako)

    @rvencu

    if someone sends the request and never finds the incoming email (maybe it is filtered out by antispam rules) what happens?

    For this I use the WP Mail Logging plugin. It logs every email sent by WP itself and you can see them in HTML version (readable) (you see them if your server doesn’t send emails or they are filtered out on the receiver side)

    Thread Starter Richard Vencu

    (@rvencu)

    In the light of GDPR if some user requested to be forgotten what happens with this log made by WP Mail Logging plugin when it still keeps that user email address?

    I mean we do not need consent since this is a legitimate interest (keeping logs for legal purposes, let’s say) but then is the user really forgotten or not?

    Jimako

    (@jimako)

    I understand your point. I don’t have an answer. I don’t think anybody has in these days. It’s too soon. But your point about legitimate interest is correct too (no user can’t be forgotten fully thanks to this rule). You can set the process only to remove these logs manually (but still saved somewhere to have evidence for legal purpose). So for me it is enough to announce it in the privacy policy or maybe as next info for the gdpr checkbox. Just imagine if somebody claims that you do something against GDPR and you have no evidence because they asked to be forgotten. In our case – we are waiting for applying GDPR in our laws – as soon as somebody requires to be forgotten, we will save all mail evidence to a local machine, and remove them from the website. This is about processing (important part of GDPR).
    Sorry for my English, I hope you get my point. In our country we have a law to save 10 years anything related to accounting, so here the forgotten rule can’t be applied to any client with invoice, orders, anything.

    Thread Starter Richard Vencu

    (@rvencu)

    Yes, we have the same 10 years retention and national laws are stronger than GDPR rules in such cases, but while these records must stay, email addresses of the customers do not have to stay though. We also process medical info (we are medical services providers) and we must keep this data for a while, still unclear how long.

    I was thinking to move logs offsite just to remove them from danger of the online computers. Then I thought, what if someone sends me an email (I put in my Privacy Policy a statement saying that anyone sending personal data via email is automatically consenting for us to process that data for the purpose stated on that email) and then they request to be forgotten? It will be a nightmare to hunt all instances of emails sent from that address inside the email server as well as all possible local machines that maybe downloaded it.

    There is some DLP software offering (currently we like CoSoSys product) that can be trained to detect content everywhere in the enterprise and do something with that content. Maybe we will be able to add those personal data to a dictionary and destroy all instances of it at the next scan, then keep a log of what it did.

  • The topic ‘Non existent email address’ is closed to new replies.