Anonymizing users and their history

Continuing the discussion from GDPR Compliance:

Per GDPR, we would want the capacity to anonymize users and their history in our database for whatever counts as personal data (which means everything with their account if we have email and/or name or other PII connected with their account).

Would it be trivial enough (at this point) to manually anonymize a user if we get a request for anonymizing? If so, we need not do anything (since such requests may never come up). If not, we should at least be in position that we know we can figure out how to send users personal data and anonymize or delete it within 30 days of such a request…

Whatever plan we come up with will, I suspect, be simple. It’s taking me more than 30 seconds to come up with the plan, however.

Caveats: I would like to keep track of specific history (number of pledges made, and when).

Incomplete plan for removing PII when someone requests it:

  1. Deactivate requestee’s pledges
  2. Erase their email address
  3. Disconnect their user id from their patron id
  4. Deal with database backups
1 Appreciation

That’s definitely a complex issue we may not prioritize. I suspect this is or will be a major topic of GDPR compliance broadly. From my initial overview of what people are doing (including around Discourse), nobody seems to be touching the question of how to forget people from backups.