Difference between revisions of "General Data Protection Regulation (GDPR) (EU)"

From Diversity Workbench
Jump to: navigation, search
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
 
see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
  
=== Changes to be implemented in the databases ===
+
=== Features implemented in the databases ===
 
* Table UserProxy:
 
* Table UserProxy:
 
** New columns:
 
** New columns:
*** ID: ID replacing the login name in datatables e.g. in columns LogUpdatedBy etc.
+
*** ID: ID replacing the login name in data tables e.g. in columns LogUpdatedBy etc.
*** PrivacyConsent: If the user constented to the storage and processing of his data in the database (set by user during login)
+
*** PrivacyConsent: If the user confirmed to the storage and processing of his/her privacy data in the database (set by user during login)
 
*** PrivacyConsentDate: The time and date of the consent (set via trigger)
 
*** PrivacyConsentDate: The time and date of the consent (set via trigger)
 
* Function UserID(): Providing the ID of the user in replacement of the SQL function User_Name() etc.
 
* Function UserID(): Providing the ID of the user in replacement of the SQL function User_Name() etc.
* All Datatables
+
* All Data tables
 
** Insert missing content from columns LogUpdatedBy into UserProxy
 
** Insert missing content from columns LogUpdatedBy into UserProxy
** Changing the contstraints for the logging columns from suser_sname() to UserID()
+
** Changing the constraints for the logging columns from user_name() to UserID()
 
** Changing content of logging columns from name to ID
 
** Changing content of logging columns from name to ID
 
* Special changes according to objects in the databases to remove reliance on functions like User_Name()
 
* Special changes according to objects in the databases to remove reliance on functions like User_Name()
* As final result any login name should be removed from the data and log tables and the only place where this information is left is the table UserProxy
+
* As final result any login name is removed from the data and log tables and the only place where this information is left is the table UserProxy
  
 
=== Client software ===
 
=== Client software ===
* Login: The user will be asked to consent to the storage and processing of his personal data. Otherwise the access will be denied
+
* Login: The user will be asked to consent to the storage and processing of his/ her personal data. Otherwise the access will be denied
 
* Tools:  
 
* Tools:  
 
** Creation of a script for the generation of standard objects and handling of datatables
 
** Creation of a script for the generation of standard objects and handling of datatables
** The insert of a link to the website with detailed information about the handling of the user related data
+
** The insert of a link to the website *** or other internal resources  *** with detailed information about the handling of user-related data
*** A default website will be provided, but should be replaced for databases with deviating treature or usage outside the SNSB servers
+
*** A default website is provided: [[Default Agreement on Processing of Personal Data in DWB Software]]. It has to be replaced for operational databases  
 
** The possibility to remove the personal data of the user (removal of the entries in table UserProxy)
 
** The possibility to remove the personal data of the user (removal of the entries in table UserProxy)
  
 
=== For Discussion ===
 
=== For Discussion ===
* Several interfaces in the database allow the export of the data including personal data. These can not be controlled. Should this possiblity be removed (e.g. ExportWizard, TableEditor, ...)
+
* Several interfaces in the database allow the export of the data including personal data. Should these possiblities be removed (e.g. ExportWizard, TableEditor, ...)
 +
* Personal data (address etc.) are stored in the module DiversityAgents. Is a process for a removal for complete datasets needed?
 +
* Personal data are stored in other places, e.g. Collector, Identifier, ResponsibleAgents for e.g. Analysis. These are not linked to the table UserProxy and are not removed by the standard removal from this table.
  
 
----
 
----
 
Back to [[Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives]]
 
Back to [[Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives]]

Latest revision as of 18:03, 7 July 2018

see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Features implemented in the databases

  • Table UserProxy:
    • New columns:
      • ID: ID replacing the login name in data tables e.g. in columns LogUpdatedBy etc.
      • PrivacyConsent: If the user confirmed to the storage and processing of his/her privacy data in the database (set by user during login)
      • PrivacyConsentDate: The time and date of the consent (set via trigger)
  • Function UserID(): Providing the ID of the user in replacement of the SQL function User_Name() etc.
  • All Data tables
    • Insert missing content from columns LogUpdatedBy into UserProxy
    • Changing the constraints for the logging columns from user_name() to UserID()
    • Changing content of logging columns from name to ID
  • Special changes according to objects in the databases to remove reliance on functions like User_Name()
  • As final result any login name is removed from the data and log tables and the only place where this information is left is the table UserProxy

Client software

  • Login: The user will be asked to consent to the storage and processing of his/ her personal data. Otherwise the access will be denied
  • Tools:
    • Creation of a script for the generation of standard objects and handling of datatables
    • The insert of a link to the website *** or other internal resources *** with detailed information about the handling of user-related data
    • The possibility to remove the personal data of the user (removal of the entries in table UserProxy)

For Discussion

  • Several interfaces in the database allow the export of the data including personal data. Should these possiblities be removed (e.g. ExportWizard, TableEditor, ...)
  • Personal data (address etc.) are stored in the module DiversityAgents. Is a process for a removal for complete datasets needed?
  • Personal data are stored in other places, e.g. Collector, Identifier, ResponsibleAgents for e.g. Analysis. These are not linked to the table UserProxy and are not removed by the standard removal from this table.

Back to Software#Diversity_Workbench_software_implementations_in_compliance_with_regulations_and_directives

Retrieved from "https://diversityworkbench.net/w/index.php?title=General_Data_Protection_Regulation_(GDPR)_(EU)&oldid=14805"