Under GDPR rules we need to be able to capture "Consent" for the holding of personally identifiable data. As we are able to hold Name and Email addresses, this constitutes PII.
As part of the portal therefore we need:
1) the ability to add a consent statement when people register for the portal or add ideas
2) The ability to capture the fact they have given consent and the date
3) the ability to delete people who have registered for the portal
4) the ability to provide a report of what information we hold about a person when we receive a subject access request.
|Release time frame|