[GNC] GDPR and data held in GnuCash

Mike Evans mikee at saxicola.co.uk
Tue Apr 10 07:51:08 EDT 2018


Is everyone aware of the impact of GDPR on their customers/vendors data stored within GnuCash?  I admit I've only just become aware of it and am still puzzled as what I should do to be compliant.

It seems I may have to either delete all my customer data or "repermission" my existing customers and vendors in order to hold any data about them. I'm not sure how GnuCash will behave if I delete customer data, given that I can't do that via GnuCash and will have to "manually" edit my database (or XML file in my case). I should probably file an enhancement request to add a delete customer facility to GnuCash.

It may be only applicable if you hold data for the purposes of mailing list marketing.

There may be issues if you backup or store your GnuCash data "in the cloud" as this probably means moving data to servers based outside of the EU. In which case it will have to be encrypted before transmission. I guess that applies for server storage inside the EU too. Business users storing unencrypted data in the "cloud" would fall foul of the regulations.

There's a Wikipedia article at https://en.wikipedia.org/wiki/General_Data_Protection_Regulation 

and there's https://www.eugdpr.org/


Just a few discussion points.
Mike Evans


More information about the gnucash-user mailing list