This means that there are certain types of personal data that this regulation aims to protect, such as:
- Basic identity information, for instance name, address and ID numbers;
- Web data such as location, IP address, cookie data and RFID tags;
- Health and genetic data;
- Biometric data;
- Racial or ethnic data;
- Political opinions;
- Sexual orientation.
What is expected from a CMS/BPM in this area?
This regulation covers several topics. We will focus on two of them in this article: Archive/Purge and Individual Rights.
Archive/Purge
Any information system that stores data should be able to define retention periods, both for archive and for purge. In other words, data has a Time to Live that is configurable according to the type of data in question. For example, job applications often lead to the storage of sensitive personal data, and there are laws that define the maximum time a company can keep this information. On the other hand, data from employer records should be kept for a different period of time. An information system should be able to define these periods and archive or purge data when the deadline arrives.
Individual Rights
In order to respect individual rights, an information system should allow anonymization of data by applying non-reversible encryption.
This anonymization should be designed according to the type of data we are dealing with. For example, if an employee invokes the "Right to be forgotten", the employer should be able to honor that request by anonymizing all of the employee's stored sensitive data. This does not mean that all data should suddenly be erased, because there is a professional history that should be kept, but all references to that employee should be masked so that it becomes impossible for anyone to discover that the stored data belongs to that person.
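The two capabilities described above (retention periods per data type, and masking every reference to one person while keeping the history) can be sketched as follows. This is an added example, not Scriptor Server code: the `Record` type, the retention values and the field names are assumptions, and it uses a random surrogate rather than a hash because hashes of low-entropy identifiers such as names or ID numbers can be recovered by guessing.

```python
import secrets
from dataclasses import dataclass
from datetime import date

RETENTION = {  # assumed periods in days; real values come from the applicable law
    "job_application": {"archive": 180, "purge": 365},
    "employee_record": {"archive": 1825, "purge": 3650},
}
IDENTIFYING = ("name", "address", "id_number")  # assumed identifying fields

@dataclass
class Record:
    data_type: str
    created: date
    subject_id: str
    fields: dict
    state: str = "active"  # becomes "archived" once the archive deadline passes

def retention_action(rec, today):
    """Return 'purge', 'archive' or 'keep' for one record on a given day."""
    policy, age = RETENTION[rec.data_type], (today - rec.created).days
    if age >= policy["purge"]:
        return "purge"
    return "archive" if age >= policy["archive"] else "keep"

def sweep(records, today):
    """Apply the policy: archive in place, return only records not due for purge."""
    kept = []
    for rec in records:
        action = retention_action(rec, today)
        if action != "purge":  # records due for purge are dropped entirely
            rec.state = "archived" if action == "archive" else rec.state
            kept.append(rec)
    return kept

def forget(records, subject_id):
    """Mask every reference to one data subject; non-identifying history stays."""
    surrogate = "anon-" + secrets.token_hex(8)  # random, not derived from the identity
    for rec in (r for r in records if r.subject_id == subject_id):
        rec.subject_id = surrogate
        rec.fields.update({k: "[REDACTED]" for k in IDENTIFYING if k in rec.fields})
    return surrogate

def sample_records():
    """Constructed sample data for the example."""
    return [
        Record("job_application", date(2017, 1, 10), "emp-17", {"name": "A. Example"}),
        Record("employee_record", date(2017, 1, 10), "emp-17", {"name": "A. Example", "role": "analyst"}),
    ]
```

Because the surrogate is the same for all of a subject's records, the professional history stays linked together without pointing back to the person.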
Although these topics seem simple, they can raise many problems for current information systems that are not prepared to deal with these new regulations. That is why, since early 2017, the demand for Information Systems that can effectively address GDPR compliance has increased.
Scriptor Server is already prepared for this change, as we have been working to give Information Managers the tools they need to implement data protection in their organizations, starting now!