Difference between revisions of "General Data Protection Regulation (GDPR) (EU)"

From Diversity Workbench
Jump to: navigation, search
Line 23: Line 23:
 
** The possibility to remove the personal data of the user (removal of the entries in table UserProxy)
 
** The possibility to remove the personal data of the user (removal of the entries in table UserProxy)
  
 +
=== For Discussion ===
 +
* Several interfaces in the database allow the export of the data including personal data. These can not be controlled. Should this possiblity be removed (e.g. ExportWizard, TableEditor, ...)
  
 
----
 
----
 
Back to [[Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives]]
 
Back to [[Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives]]

Revision as of 13:11, 9 April 2018

see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Changes to be implemented in the databases

  • Table UserProxy:
    • New columns:
      • ID: ID replacing the login name in datatables e.g. in columns LogUpdatedBy etc.
      • PrivacyConsent: If the user constented to the storage and processing of his data in the database (set by user during login)
      • PrivacyConsentDate: The time and date of the consent (set via trigger)
  • Function UserID(): Providing the ID of the user in replacement of the SQL function User_Name() etc.
  • All Datatables
    • Insert missing content from columns LogUpdatedBy into UserProxy
    • Changing the contstraints for the logging columns from suser_sname() to UserID()
    • Changing content of logging columns from name to ID
  • Special changes according to objects in the databases to remove reliance on functions like User_Name()
  • As final result any login name should be removed from the data and log tables and the only place where this information is left is the table UserProxy

Client software

  • Login: The user will be asked to consent to the storage and processing of his personal data. Otherwise the access will be denied
  • Tools:
    • Creation of a script for the generation of standard objects and handling of datatables
    • The insert of a link to the website with detailed information about the handling of the user related data
      • A default website will be provided, but should be replaced for databases with deviating treature or usage outside the SNSB servers
    • The possibility to remove the personal data of the user (removal of the entries in table UserProxy)

For Discussion

  • Several interfaces in the database allow the export of the data including personal data. These can not be controlled. Should this possiblity be removed (e.g. ExportWizard, TableEditor, ...)

Back to Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives

Retrieved from "https://diversityworkbench.net/w/index.php?title=General_Data_Protection_Regulation_(GDPR)_(EU)&oldid=13812"