Description
Hi,
we use contacts in our internal applications.
We manage in the same directory external contacts but also internal contacts, professional data but also private data.
Currently, each employee can access all contacts and all data.
Regarding the GDPR, we have to limit data access: you can only access data if it is necessary for your job.
I see 2 solutions:
- restrict contact access following usage context, but it limits the approach of a global directory. Duplicates can appear (if you don't see a contact, you will create a new one).
- show by default a limited set of data and add a button on which the employee can click to show the full set of data. => The employee is responsible for his action and we can log it.
I think the second solution is the better one.
Those restrictions would depend on an option:
- see all
- demand confirmation to see a set of private data
What do you think about it?
@cedricmessiant @tdesvenain @vincentfretin @ebrehault @frisi @gbastien @bsuttor
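As an added example (not code from this issue or from the project), here is a small model of the second proposal: private fields are hidden by default, an employee whose option is "demand confirmation" gets them only through an explicit reveal action, and every such reveal is written to an audit log naming the employee, the contact and the fields disclosed. The field names, the two option values, the sample contact and the audit record format are all constructed assumptions.

```python
"""Default-restricted contact view with an explicit, logged "show full data" action.

Added example, not code from the issue or the project. The private field
names, the per-employee option values, the sample contact and the audit
record layout are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List

# Constructed: contact attributes that count as private (personal) data.
PRIVATE_FIELDS = frozenset({"private_phone", "home_address", "birth_date"})

# Constructed: the two values of the per-employee option from the issue.
SEE_ALL = "see_all"   # private data shown without confirmation
CONFIRM = "confirm"   # private data hidden until the employee explicitly asks


@dataclass
class AuditEntry:
    """One logged disclosure of private data (constructed record layout)."""
    timestamp: str
    user: str
    contact_id: str
    fields: List[str]


@dataclass
class ContactDirectory:
    contacts: Dict[str, dict]          # contact_id -> attributes
    user_modes: Dict[str, str]         # employee -> SEE_ALL or CONFIRM
    audit: List[AuditEntry] = field(default_factory=list)

    def mode_for(self, user: str) -> str:
        # An employee with no configured option gets the most restrictive one.
        return self.user_modes.get(user, CONFIRM)

    def view(self, user: str, contact_id: str, reveal: bool = False) -> dict:
        """Return the contact as `user` is allowed to see it.

        reveal=True is the "show the full set of data" button: for CONFIRM
        users it unlocks the private fields and records who disclosed what,
        for which contact, and when. SEE_ALL users never hit the button, so
        their views are not logged here (matching the issue's proposal).
        """
        contact = self.contacts[contact_id]
        if self.mode_for(user) == SEE_ALL:
            return dict(contact)
        if not reveal:
            # Default view: strip every private field.
            return {k: v for k, v in contact.items() if k not in PRIVATE_FIELDS}
        disclosed = sorted(k for k in contact if k in PRIVATE_FIELDS)
        self.audit.append(AuditEntry(
            timestamp=datetime.now(timezone.utc).isoformat(),
            user=user,
            contact_id=contact_id,
            fields=disclosed,
        ))
        return dict(contact)

    def disclosures_by(self, user: str) -> List[AuditEntry]:
        """Audit trail for one employee, e.g. for a GDPR access review."""
        return [e for e in self.audit if e.user == user]


def demo_directory() -> ContactDirectory:
    """Constructed sample data: one contact, one SEE_ALL and one CONFIRM employee."""
    return ContactDirectory(
        contacts={
            "c1": {
                "name": "Example Person",
                "work_email": "person@example.org",
                "private_phone": "+32 000 000 000",
                "home_address": "1 Example Street",
                "birth_date": "1970-01-01",
            }
        },
        user_modes={"alice": SEE_ALL, "bob": CONFIRM},
    )


if __name__ == "__main__":
    d = demo_directory()
    print("bob, default view:", d.view("bob", "c1"))
    print("bob, after clicking the button:", d.view("bob", "c1", reveal=True))
    print("audit:", d.disclosures_by("bob"))
```

The reveal is the only place private data leaves the restricted view, so the audit log is a complete record of confirmed disclosures; an employee without a configured option is treated as "demand confirmation" rather than "see all".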