Difference between revisions of "General Data Protection Regulation (GDPR) (EU)"
From Diversity Workbench
(→For Discussion) |
(→For Discussion) |
||
| Line 25: | Line 25: | ||
=== For Discussion === | === For Discussion === | ||
* Several interfaces in the database allow the export of the data including personal data. Should these possiblities be removed (e.g. ExportWizard, TableEditor, ...) | * Several interfaces in the database allow the export of the data including personal data. Should these possiblities be removed (e.g. ExportWizard, TableEditor, ...) | ||
| + | * Personal data (address etc.) are stored in the module DiversityAgents. Is a process for a removal for complete datasets needed | ||
| + | * Personal data are stored in other places, e.g. Collector, Identifier, ResponsibleAgents for e.g. Analysis. These are not linked to the table UserProxy and are not removed by the standard removal from this table | ||
---- | ---- | ||
Back to [[Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives]] | Back to [[Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives]] | ||
Revision as of 13:17, 9 April 2018
see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Changes to be implemented in the databases
- Table UserProxy:
- New columns:
- ID: ID replacing the login name in datatables e.g. in columns LogUpdatedBy etc.
- PrivacyConsent: If the user constented to the storage and processing of his data in the database (set by user during login)
- PrivacyConsentDate: The time and date of the consent (set via trigger)
- New columns:
- Function UserID(): Providing the ID of the user in replacement of the SQL function User_Name() etc.
- All Datatables
- Insert missing content from columns LogUpdatedBy into UserProxy
- Changing the contstraints for the logging columns from suser_sname() to UserID()
- Changing content of logging columns from name to ID
- Special changes according to objects in the databases to remove reliance on functions like User_Name()
- As final result any login name should be removed from the data and log tables and the only place where this information is left is the table UserProxy
Client software
- Login: The user will be asked to consent to the storage and processing of his personal data. Otherwise the access will be denied
- Tools:
- Creation of a script for the generation of standard objects and handling of datatables
- The insert of a link to the website with detailed information about the handling of the user related data
- A default website will be provided, but should be replaced for databases with deviating treature or usage outside the SNSB servers
- The possibility to remove the personal data of the user (removal of the entries in table UserProxy)
For Discussion
- Several interfaces in the database allow the export of the data including personal data. Should these possiblities be removed (e.g. ExportWizard, TableEditor, ...)
- Personal data (address etc.) are stored in the module DiversityAgents. Is a process for a removal for complete datasets needed
- Personal data are stored in other places, e.g. Collector, Identifier, ResponsibleAgents for e.g. Analysis. These are not linked to the table UserProxy and are not removed by the standard removal from this table
Back to Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives
