https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819
--- Comment #15 from Marcel de Rooy <[email protected]> --- (In reply to Jon Knight from comment #14) > Do we need to keep a copy of the template in use during the consent in the > database along with the borrower ID and date? The UK ICO page on consenting > seems to say we do: > > https://ico.org.uk/for-organisations/guide-to-the-general-data-protection- > regulation-gdpr/consent/how-should-we-obtain-record-and-manage-consent/ > > (second example). Thx for your interest in this patch. The link says: === If consent was given online, your records should include the data submitted as well as a timestamp to link it to the relevant version of the data capture form. You keep records that include an ID and the data submitted online together with a timestamp. You also keep a copy of the version of the data-capture form and any other relevant documents in use at that date. === This patch registers the borrower ID and the timestamp of consent given. What each library should keep somehow (not described), is: a version history of the template, esp. the exact text for the consent and a history of the referenced privacy page text. In that way you can 'prove' that the user gave consent for a specific version of template and privacy page. (Note: the privacy page is only specified in this patch by a preference called PrivacyPolicyURL. The library itself should create that local page.) I am no legal expert, but I can't imagine that we need to save these texts at an individual consent level. Hope this is clear enough? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
