There is a lot of changing with Data Protection and GDPR. I am not sure which is the right method for me to develop it.
The reason I was looking for advice because of the new Apply policy on account of deletion requirements extended https://developer.apple.com/news/?id=i71db0mv
We are using ROR API. and we have mobile App but we don’t have deletion account, only Deactivate Account cos we need to keep a record on booking history.
I was thinking something like that.
Create a new table “old_user_table” with old user_id, first name, second name, email, and booking slug.
It will allow keep all users who did previous booking. And deleted their user ID in the app. We need to keep all records for booking for audit purpose in the last 5-10 years in the app.
The user setup with this app, the user but never booking, then the user will not transfer to “old_user_table” cos the user booking nothing.
Does it make sense? Something like that? Or do you have a better alternative?
(FYI I’m not RoR Developer but I want to make sure I have better knowledge or better case before meeting with Ruby developers & IOS developer).
That approach won't be GDPR compliant since you are keeping PII in the old_ table.
If you want to keep the old bookings I would replace the user_id for some new random generated UUID that has no link with the real user, and then remove the user from the database.