General Data Protection Regulation¶
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies.
GDPR will come into effect across the EU on May 25, 2018.
Clientele and GDPR¶
There are three topics which are currently supported with Clientele ITSM. The new options to support the different requests can be found under Manage > Organizational Units.
Right of access by the data subject¶
A person shall have the right to access the personal data which is being stored in Clientele ITSM. When a person requests this information, you will be able to send the information by selecting either the Print Subject Access Request or the Send Subject Access Request option. The print option will give you the possibility to print a crystal report file. The send option will automatically create a correspondence activity and will attach the report as a PDF file.
Right to erasure (‘right to be forgotten’)¶
We added the option called Anonymize Person to remove all identifying information from a person detail form and its related auditlog data. After selecting this option and confirming that you really want to do this all fields in the persondetail form will be emptied and any related attributes will be deleted. The record itself will still exist but will only contain a lastname and primary number with the value Anonymized in it.
Right to data portability¶
A person has the right to receive the personal data concerning him or her, which he or she has provided. They should receive this information in a structured, commonly used and machine-readable format and have the right to transmit those data to other parties.
If this is requested you will have the option to either export an XML file or create a correspondence activity with the XML attached to it. The menu items related to this request are called Export Data Portability file and Send Data Portability File.