Skip to content

GDPR: no right-to-erasure endpoint for volunteers (Art. 17) #727

Description

@nadavosa

Problem

GDPR Article 17 (Right to Erasure / Right to be Forgotten) requires the ability to delete or anonymize a data subject's personal data on request. There is no volunteer deletion or anonymization endpoint.

Current state:

  • Volunteer documents can be deleted (DELETE /volunteer/:id/doc) ✅
  • The volunteer record itself (name, email, phone, address, language, skills) cannot be deleted or anonymized ❌
  • Match records (OpportunityVolunteer) reference the volunteer — cascading delete behavior is unclear

Needed

  1. DELETE /volunteer/:id — COORDINATOR/ADMIN only. Should either hard-delete the volunteer record or anonymize all PII fields in-place (replace with [deleted] / null), depending on data retention policy decisions.
  2. Decide on data retention policy: how long is volunteer data kept after they stop being active? Should inactive volunteers be auto-anonymized after N months?
  3. Document the erasure procedure for the operations team.

Related

  • Document deletion: DELETE /volunteer/:id/doc (exists, COORDINATOR-only)
  • When Infomaniak migration happens, ensure S3-equivalent bucket also has TTL/deletion wired up

Context

Part of pre-NGO-onboarding security audit. With NGOs accessing coordinator roles next week, this process needs to exist before real volunteer data is handled at scale.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions