Difference between revisions of "General Data Protection Regulation (GDPR) (EU)"

Revision as of 13:12, 9 April 2018

see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Changes to be implemented in the databases

• Table UserProxy:
  • New columns:
    • ID: ID replacing the login name in datatables e.g. in columns LogUpdatedBy etc.
    • PrivacyConsent: If the user constented to the storage and processing of his data in the database (set by user during login)
    • PrivacyConsentDate: The time and date of the consent (set via trigger)
• Function UserID(): Providing the ID of the user in replacement of the SQL function User_Name() etc.
• All Datatables
  • Insert missing content from columns LogUpdatedBy into UserProxy
  • Changing the contstraints for the logging columns from suser_sname() to UserID()
  • Changing content of logging columns from name to ID
• Special changes according to objects in the databases to remove reliance on functions like User_Name()
• As final result any login name should be removed from the data and log tables and the only place where this information is left is the table UserProxy

Client software

• Login: The user will be asked to consent to the storage and processing of his personal data. Otherwise the access will be denied
• Tools:
  • Creation of a script for the generation of standard objects and handling of datatables
  • The insert of a link to the website with detailed information about the handling of the user related data
    • A default website will be provided, but should be replaced for databases with deviating treature or usage outside the SNSB servers
  • The possibility to remove the personal data of the user (removal of the entries in table UserProxy)

For Discussion

• Several interfaces in the database allow the export of the data including personal data. Should these possiblities be removed (e.g. ExportWizard, TableEditor, ...)

Back to Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives