I have a situation in this moment, with the users who are drawing/implementing the BPMN processes: They can create tasks that can have a people’s data (name, VAT number, address,…) in the task name. But that increases when the focus are the task/process variables. They can have forms where all data of a person can be collect and stored in the flowable DB.
Well according to the legislation, sometimes we have to erase the information of someone or we have to store the data that can identify someone in a different DB (I’m not a legal guy, and there are lots of rules relating this GDPR issue).
I was thinking in having some metadata associated with the fields that can store these information (variables, task/process names) where we can mark if that information is/can be GDPR sensible/candidate. The next step is harder, because knowing that information, or I have to create extensions tables to store the information (with an ID in the original) and customizing the CRUDs to take that in count… Bit this is only a draft of an idea…
I searched here and didn’t saw nothing about his issue… Anyone stuck with this problem?