Basic Concepts

Data protection: How?

Three types of operation can be involved in personal data protection.

  • Deletion

    The most radical removal of data. Manual deletion may be problematic because of deletion constraints stemming from relations between business objects. Large quantities of data should preferably be deleted using the Data Protection Manager (DPM).

  • Anonymization

    The process of either encrypting or removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous. Can be done either manually or using the DPM.

  • Archiving

    The process of removing records from the current, active storage to a separate, archive storage. Archiving is performed for two reasons:

    • for performance reasons - to keep obsolete data accessible while eliminating the burden of storing huge data quantities in the 'productive' section of the database
    • for data protection reasons - to store sensitive data in a separate database section with controlled user access.

    As archiving involves two stages:

    1. moving data to the archive
    2. deleting the data in the primary location,

    it is subject to the same deletion constraints as simple deletion.

Data protection: What data?

It is necessary to carefully identify all data containing personal information subject to data protection: which object types and which fields are affected, and which object types contain personal data in their 'usrcre' and 'usrchg' fields. Namely:

  • Which data contain personal information?

    Specifically:

    e.g. person: surname, first name, telephone number etc.

    e.g. ticket: alternative e-mail address etc.

    Potentially in unstructured texts:

    e.g. Ticket short text "Printer defective. Mr. Smith restarted it, but without success".

  • Which data reference master data with personal information?

    e.g. ticket reported by (person), affected (person) etc.

  • For which data can there be a particular interest in keeping them longer?

    e.g. Tickets that are relevant for IT security

The above considerations may apply not only to data stored in the main database but also to already archived data and to audit and history data.
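The three questions above can be turned into a field inventory that drives anonymization. The following is an added example, not code from the product or the DPM: apart from 'usrcre' and 'usrchg', all field names, the inventory and the sample ticket are assumptions made for illustration. Direct personal fields are removed, references to person master data are replaced by a keyed hash (standing in for the "encrypting" option), and free text is only flagged for manual review.

```python
import hashlib
import hmac

# Hypothetical inventory; only 'usrcre' and 'usrchg' are field names from the page.
PERSONAL_FIELDS = {
    "person": {"surname", "firstname", "phone"},
    "ticket": {"alt_email", "usrcre", "usrchg"},
}
# Fields that reference master data carrying personal information.
PERSON_REFERENCES = {"ticket": {"reported_by", "affected"}}
# Unstructured text that may mention people by name.
FREE_TEXT_FIELDS = {"ticket": {"shorttext"}}

# Constructed sample record, not real data.
SAMPLE_TICKET = {
    "id": 4711, "status": "closed", "alt_email": "j.smith@example.com",
    "shorttext": "Printer defective. Mr. Smith restarted it, but without success",
    "reported_by": 17, "affected": 17, "usrcre": "jsmith", "usrchg": "admin",
}


def pseudonym(value, key):
    """Keyed hash: equal references stay linkable; only the key holder can re-link."""
    digest = hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()
    return "anon-" + digest[:12]


def anonymize(obj_type, record, key, known_names=()):
    """Return (anonymized copy, free-text fields that need manual review)."""
    out = dict(record)  # never modify the caller's record in place
    for field in PERSONAL_FIELDS.get(obj_type, ()):
        if field in out:
            out[field] = None  # remove direct personal data
    for field in PERSON_REFERENCES.get(obj_type, ()):
        if out.get(field) is not None:
            out[field] = pseudonym(out[field], key)  # hide the master-data id
    review = []
    for field in FREE_TEXT_FIELDS.get(obj_type, ()):
        text = (out.get(field) or "").lower()
        if any(name.lower() in text for name in known_names):
            review.append(field)  # a name appears in unstructured text
    return out, review


if __name__ == "__main__":
    cleaned, review = anonymize("ticket", SAMPLE_TICKET, b"demo-key", ["Smith"])
    print(cleaned)
    print("manual review needed:", review)
```

The name check on free text only catches names it is given, so flagged and unflagged texts alike may still need a human look.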

Data protection: When?

Timing and scheduling are another important aspect of data protection. Each data object is subject to a life cycle from which the access and deletion periods can be derived.

Possible points in time for the start of a period are:

  • Data collection
  • End of the process
  • End of the relationship with the affected person

Decisive factors for access and deletion periods can be, for example:

  • Legal retention periods
  • Data protection requirements
  • Contractual commitments

The specific times and deadlines depend on numerous factors and must be worked out individually by each company for each type of data, in cooperation with the data protection officer.

See Also

Data Protection

Archiving

Anonymization

Data Log

Data Protection Manager