General Data Protection Regulation (GDPR) in HR Administration Processes scenario

Path: GDPR

The system allows you to delete and anonymize personal data if necessary, for example, to ensure compliance with the requirements of Article 15 of the Law of Ukraine “On the Protection of Personal Data” and the principles of the GDPR.

When the statutory retention period for data expires, such data may be deleted if other non-personal data needs to be retained for a configurable period of time. For statistical purposes, for example, anonymization of personal data can be used.

On the GDPR page you need to create settings in accordance with which information will be administered.

Fill in the appropriate fields on the General and Tables tabs.

On the General tab the following fields can be filled in:

Field	Description
Code	Setting Code.
Description	Setting Description.
Active	Setting activity. If Active = TRUE, the selected setting will be run by running the job queue operation automatically if such running is additionally configured.
Main Table ID	Main table code for selecting Date Field Code. The selection of tables is available from the list of tables selected in the Tables tab in rows.
Main Table Name	Name of the main table. Filled in automatically depending on the selected Main Table ID.
Date Field ID	Date field ID in Date or DateTime format from the main table, the value of which will be used to select data.
Date Field Name	The date field name. Is filled in automatically depending on the selected Date Field ID.
Processing Data Formula	Data processing formula. It is necessary to specify the period after which the data will be processed in accordance with the settings. Acceptable formula format is, for example, 1M (1 month), 1Y (1 year).
No. of Tables	Number of tables. The field is filled in automatically depending on the number of tables created in the rows of the Tables tab.

In the rows of the Tables tab, the system allows you to:

create lines,
delete lines,
administer information by making changes to the fields – the GDPR Fields page,
filter information available for administration – the GDPR Table Filters page.

To create a row for a table on the Tables tab, fill in the following fields in the rows:

Field	Description
Table ID	Table ID.
Table Name	The table name. Is filled in automatically depending on the specified ID.
Delete Records	Enabling this field means that all records in the selected table will be deleted after the selected date has elapsed. Please note that once deleted, data cannot be restored.
Page ID	Page ID. Filled in automatically with the code of the page displaying the selected table.
Parent Table ID	Parent table ID. If the parent table ID is set, the system will first select the data according to the configured parameters of the parent table and administer in the same way as configured in the dependent table.
Processing Order	Number in the processing order.
No. of Fields	Number of fields. The field is filled in automatically with the value of the number of fields that have been configured on the field’s GDPR page. By clicking on the value, the user is taken to the editable field’s GDPR page.
Comments	Comments.

Having selected the tables in which information will be administered, you can select specific fields in which such administration will take place. To do this, in the row of the corresponding table, through the Manage – Fields function, go to the GDPR Fields page.

On the GDPR Fields page, fill in the following fields:

Field	Description
Field ID	ID of the field to be administered.
Field Caption	The field name. Is filled in automatically depending on the selected Field ID.
Field Type	Field type. Is filled in automatically.
Anonymize	Enable the checkbox if value = TRUE and the field value needs to be anonymized. If the checkbox is enabled, the value of the Anonymized Value field will be automatically filled with the Anonymized value, which can be edited to another value.
Anonymize Value	The value that will be set in the selected field instead of the primary one after starting information administration for the selected settings.
Clear	Enable the checkbox if value = TRUE and the field value needs to be cleared.

You can select (create) several fields in the table that need to be administered, edit them, and delete them.

On the GDPR Table Filters page, fill in the following fields:

Field	Description
Field ID	Field ID. The Field ID and Linked Field ID must have the same value for each table.
Field Caption	Field Caption.
Type	Type.
Filter Value	Filter value.
Linked Field ID	Linked Field ID.
Linked Field Name	Linked Field Name.

Having completed the settings necessary for data administration, you can preview the result using Actions – Preview. In the Options area, select the Date on which the results will be previewed. The result is displayed by the system in lines with the following fields:

Field	Description
Record Caption	The name of the record being processed.
Processing Date	Selected date + Selected period by formula. The viewing date must follow the processing date.
Anonymized Fields	Number of records for which fields are Anonymized.
Cleared Fields	Number of records for which fields have been cleared.
Deleted Records	Number of deleted records.

To administer information, this process must be run: Actions – Run

You can run the information administration process manually using Actions – Run from each GDPR page.
The information administration process can be run automatically by creating a Job Queue Operation, Codeunit 70860390 SMA GDPR Management.

The results of the information administration are logged on the GDPR Log page, Related – Log as follows:

Field	Description
Entry No.	Filled in automatically by the system.
GDPR Code	Setting code according to which the information will be administered.
Anonymized Fields	Number of records for which fields are Anonymized.
Cleared Fields	Number of records for which fields are cleared.
Deleted Records	Number of deleted records.
Processed Record ID	Processed Record ID.

Deleting log entries does not reverse the anonymization or deletion of information.