How does Jiglu support rights under the GDPR?

Jiglu has several features to help with GDPR compliance:

Right to access

Jiglu allows user administrators to generate an archive file containing all the personal information about a user and all the content that they have contributed. This can then be downloaded by the administrator or the relevant user. Because this operation can consume significant resources for a lengthy period of time it is restricted to users with global rights to edit users.

To use this feature go to the user index and select the dropdown menu next to the user you want and then choose the Export content option. A background process will then begin to generate a zip file with their content. Once the process you will receive an email with the URL where the archive can be downloaded, which can be shared with the user concerned.

Archive format

The download is a ZIP format file. In the root of this archive will be a file named profile.txt with their user preferences and user profile information. There will be one directory for every group that they have authored content in or are a member of. If they are still a member of a group this will contain a file called profile.txt with their member preferences and member profile information.

Blog posts, blog comments, discussion messages and knowledge entries have their main text parts as MIME email .eml format files named after the type of the contribution, its simple name and the part number. If there are any attachments then these will be named after the type of the contribution, its simple name and the filename of the attachment. For text instant messages there will be a single file named instant-messages.txt with all the messages authored in that group. For status updates there will be a single file named status-updates.txt with all the updates authored in that group.

Right to erasure

You can remove all the personal information relating to a particular user by selecting the Erase personal information option from the drop-down menu alongside a deactivated user's name.

The user will be removed from any groups that they are members of, deleting any member profiles. Any user profile information is deleted and the user's photo and icon are deleted. Their user properties are reset to the defaults and their username, given name, family name and email address are changed to no longer identify them. Note that content they have authored will not be deleted and nor will any references to them in content by other users.

Once a user has had their personal information erased it will no longer be possible to activate the user again.

Other features

Jiglu also contains features to help ensure only appropriate users have access and to automatically deactivate users that have been inactive for more than a certain number of days. For more on this see How can I see and deactivate users that haven't logged in to the system recently?.

Written by Stephen Hebditch. Published on .
Features that can help with GDPR compliance.