rt-shredder doesn’t help here at all.
We can’t delete anything just by date because tickets contains various information unrelated to GDPR and that data needs to be kept.
Also GRPD require you to delete personal data immediately after you no longer need these, so for example if user provides his ID card for verification in ticket you need to delete such attachment from the system after performing verification while you can keep ticket itself.
Here I miss things like:
- deleting attachments (with storing information who deleted and what) from UI
- anonymization option for tickets (which replaces all data like requestor emails, first/second name from metadata but also from ticket content, too) - and that could be used instead of shredder.
Not sure if that will cover all cases, probably edition of tickets will be needed sometimes, too.