Kristjan Geir Mathiesen

Implementing data privacy with Sugar 8

Blog Post created by Kristjan Geir Mathiesen on Oct 31, 2018

Hi peeps! My name is Kristján Geir Mathiesen and I work for Origo, an Icelandic Sugar partner. I´ve enjoyed attending SugarCon for the last three years - this year was just as much fun as ever


Me being from Europe and the year being 2018, GDPR has been on my mind and to do list for the past 18 months. When I looked over the SugarCon agenda and saw that David Wheeler was doing a presentation on data privacy, I just knew I had to attend it.



 Below are some of the highlights that stood out for me.


  • Consent should always be stored with audits and how it was obtained - basis for the processing is additionally very important.
  • Basis for processing must be checked and re-checked since the basis for processing might be revoked at any time! Make sure the basis are kept up to date.
  • Great idea to audit anything that relates to data privacy - including the source - to make any post-work easier to perform.
  • Sugar recommends: Don´t erase records, erase content of records.

  • New ErasureFieldList function was added for manual erase (see code in slides).
  • Personally Identifiable Information (PII) is tricky and can be delusive, like the 2006 paper reveals in this slide:



David´s presentation is called "Deep Dive into Data Privacy Architecture."  You can check out his slides here.