General

Deleting and GDPR neutralizing users

This article explains about deleting and GDPR neutralizing users in FlightLogger

FlightLogger offers two different options of removing a user from your account:

  1. Deleting a user
  2. GDPR neutralizing a user

Below you can learn about both options and read our recommendations of when to do what.

Deleting a user

Deleting a user means the user is completely removed from your account. We recommend that you only use the Delete user function in the specific case where you have mistakenly created a user and want to remove the user again right away. 

These are the requirements that must be met in order to delete a user:

  • User has no bookings
  • User has no registered flights
  • User has no theory registrations
  • User has no messages
  • User has no logbook entries
  • User is not attached to any programs
  • Comments on cancelled bookings are neutralized
  • No accounting transactions exist on the user

These requirements are to protect your data integrity, since otherwise deleting a user would include deleting all records associated with the user, which would potentially cause discrepancies in your data.

If a user does not meet the above requirements you should instead consider to GDPR neutralize the user.

Note that a user deletion cannot be undone and that user deletion can only be done by administrators.

GDPR neutralizing a user

The main purpose of user GDPR neutralization is to accommodate the user's "right to be forgotten" according to the GDPR, article 17. Note that your organization may have reasons for keeping user data that overrule your users' right to have their data erased, as explained in this article. Further down you can see which data is neutralized when using the GDPR neutralize user feature in FlightLogger.

GDPR neutralizing a user is our recommended method for removing all personal data while keeping your data integrity intact.

When GDPR neutralizing a user, all records on your account are kept intact except for data related to the user, which is replaced by an anonymous user ID that only your DPO can see. This way you stay compliant by preserving any necessary records for future audits etc. while also meeting data protection regulations.

These are the requirements that must be met in order to GDPR neutralize a user:

  • User has no active programs
  • User has no future bookings

Which data is neutralized

This is the data that is neutralized on a user, including in all reports, activities etc.:

  • User info including call sign and emergency contact info
  • User image
  • Student and instructor comments and notes
  • Lesson, briefing, and debriefing comments
  • Message bodies on messages sent by the user
  • User documents and certificates
  • User availability comments
  • User attachments can not be seen or downloaded
  • User certificates are read-only

Additionally, the GDPR neutralized user is removed from any document sharing groups and message center groups, and the user is blocked.

IMPORTANT: GDPR neutralization is irreversible, meaning once a user has been neutralized, the above mentioned data cannot be restored. Only your account's Data Protection Officer (DPO) has access to GDPR neutralize a user.