I'm working through the plugins to better understand the process flow and the configurations so I can demonstrate it and the options to my department.
I'm struggling to understand the Data Registry part. In particular, I don't understand what "Category" does. It seems to me to be just a label and a description. Is its use something specific that comes out of the GDPR regulations or just a way of organising, that I don't understand?
On "Purpose", my working assumption is that it's a reason for setting a particular retention period for some thing, for example, a University regulation that states that a user's details can't be deleted from Moodle for 3 years after they have left. Is that right?
Following on from that, I've been through the deletion request process on my dev server, and even though a retention period has been set, a user can still make a request for deletion, and the DPO can still authorise the deletion. But nothing happens until the retention period has passed. Is that right? From a user's POV, it looks like the request has been accepted, but nothing happens, and there's nothing telling them why.
How is that final deletion process managed? Is there a deletion queue, or is it calculated from the requests table on a cron run?