General Data Protection Regulation (GDPR) (EU)
From Diversity Workbench
see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Features implemented in the databases
- Table UserProxy:
- New columns:
- ID: ID replacing the login name in data tables e.g. in columns LogUpdatedBy etc.
- PrivacyConsent: If the user confirmed to the storage and processing of his/her privacy data in the database (set by user during login)
- PrivacyConsentDate: The time and date of the consent (set via trigger)
- New columns:
- Function UserID(): Providing the ID of the user in replacement of the SQL function User_Name() etc.
- All Data tables
- Insert missing content from columns LogUpdatedBy into UserProxy
- Changing the constraints for the logging columns from user_name() to UserID()
- Changing content of logging columns from name to ID
- Special changes according to objects in the databases to remove reliance on functions like User_Name()
- As final result any login name is removed from the data and log tables and the only place where this information is left is the table UserProxy
Client software
- Login: The user will be asked to consent to the storage and processing of his/ her personal data. Otherwise the access will be denied
- Tools:
- Creation of a script for the generation of standard objects and handling of datatables
- The insert of a link to the website *** or other internal resources *** with detailed information about the handling of user-related data
- A default website is provided: Default Agreement on Processing of Personal Data in DWB Software. It has to be replaced for operational databases
- The possibility to remove the personal data of the user (removal of the entries in table UserProxy)
For Discussion
- Several interfaces in the database allow the export of the data including personal data. Should these possiblities be removed (e.g. ExportWizard, TableEditor, ...)
- Personal data (address etc.) are stored in the module DiversityAgents. Is a process for a removal for complete datasets needed?
- Personal data are stored in other places, e.g. Collector, Identifier, ResponsibleAgents for e.g. Analysis. These are not linked to the table UserProxy and are not removed by the standard removal from this table.
Back to Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives
