Page MenuHomePhabricator

Disable Kund for time registering
Closed, DeclinedPublic

Description

Fortnox currently allows any customer (Kund) to be selectable for time registering. This means that their names are all visible to any time registering staff member.

At that point this is simply a hassle/risks the wrong customer being selected.

However since any direct debit requires the payee to be added as a Kund and we are now offering direct debit as a way of donating money or paying the membership fee this would inadvertently reveal the real names of any donors/members to every staff member (whether or not they would normally have access to such information).

The solution is to explicitly opt in any Kund for time registering

Event Timeline

Fortnox has been contacted about this. Explicitly highlighting the GDPR concerns. Issue tracking id: 2136465

Fortnox replied essentially saying they don't consider it to be a privacy concern. I got the standard "Det jag kan göra är att ta ditt önskemål vidare till framtida utveckling. Dessvärre är detta inget som vi arbetar med just nu och därmed kan jag inte ge dig någon tidsram." which likely means they won't be working on this.