Data Privacy Request from Users


I wonder if you came across the situation of a data privacy request from a user of SugraCRM. According to GDPR a users are also data subjects and can therefore ask which personal information is stored and in case of an former employee also ask for erasure.

Request on Personal information:

We could show the personal information as a screen shot from the user profile, but it will get complex when you need to show an activity overview.

Request to erase personal information:

In case of an request to erase information we could delete the user profile but this would not give us a save documentation. Also the User Module is not marked for auditing, I wonder where we could change this if at all.

Any thoughts?