GDPR compliance

[michelguerin]

Is your feature request related to a problem? Please describe.
The IEC61850 definition allows a history to be written in the SCL file in the form of History > HItem.
The HItem can have a who attribute to track who made a change.

At the moment, Com-pas fills this attribute with the user information when saving a new version, so it seems that the application is not GDPR compliant at the moment.

• There is no disclaimer on how the data will be handled (which could be instance specific).
• User data is shared and stored in the cloud without notice.
• The SCL files containing this user data can be downloaded and shared with third parties.

Describe the solution you'd like
At least :

• The user should be able to consent to the use of their data (this could come from a company policy regarding its use, but there should be an option to display this within Com-pas).
• The data in the 'who' attribute should be pseudonymised.

[Sander3003]

Do you know how other business applications are handling this? E.g. ERP systems, document management systems etc? If you work for a company, it is needed to keep information about employees (e.g. to pay the salary).

[danyill]

I'd suggest provide a pseudonym to users when they log into Compas and provide the ability for them to edit this. When they edit this they must accept a GDPR statement on how their data can be used.

https://excalidraw.com has the pseudonym assignment when a live sharing session is started.

[github-actions]

Hello there,

Thank you for opening this issue! We appreciate your interest in our project.
However, it seems that this issue hasn't had any activity for a while. To ensure that our issue tracker remains organized and efficient, we occasionally review and address stale issues.

If you believe this issue is still relevant and requires attention, please provide any additional context, updates, or details that might help us understand the problem better.
Feel free to continue the conversation here.

If the issue is no longer relevant, you can simply close it. If you're uncertain, you can always reopen it later.

Remember, our project thrives on community contributions, and your input matters. We're here to collaborate and improve.
Thank you for being part of this journey!

[Sander3003]

It is still relevant

[Sander3003]

https://try.theia-cloud.io/terms.html could be used for inspiration how to do this; https://try.theia-cloud.io/

[Sander3003]

@nicorikken any recommondations from the OSPO side?

[github-actions]

Hello there,

Thank you for opening this issue! We appreciate your interest in our project.
However, it seems that this issue hasn't had any activity for a while. To ensure that our issue tracker remains organized and efficient, we occasionally review and address stale issues.

If you believe this issue is still relevant and requires attention, please provide any additional context, updates, or details that might help us understand the problem better.
Feel free to continue the conversation here.

If the issue is no longer relevant, you can simply close it. If you're uncertain, you can always reopen it later.

Remember, our project thrives on community contributions, and your input matters. We're here to collaborate and improve.
Thank you for being part of this journey!