Versionen im Vergleich

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Kommentar: Migration of unmigrated content due to installation of a new plugin

...


Documentation
General Data Protection Regulation [GDPR]
Author: D. Baschleben
Anker_GoBack_GoBack

...

File name:

...

D:\TUI Cruises\Abnahmedokumente\Abnahmedokument_WI30587_Flugvakanzanpassungen.doc

...

File size:

...

1.828 KB

...

Creation date:

...

12.06.2018

...

Change date:

...

6/12/2018 16:06:00 A6/P6


...

6/12/2018 16:06:00 A6/P6

...

Date

Version

Description

Name

16.05.2018

1.0

Document created

D. Baschleben

12.06.2018

1.1

Final version

D. Baschleben

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Content

1. Introduction

2. New check boxes in client profiles

3. New user right

4. Anonymization of client profiles

5. Anonymization process

Client role

Pass Data

Emergency Contact

Banking data

Client Cards

6. Test Case

7. Assumptions and Open Issues
Assumptions
List of Open issues
8Error handling

8. Assumptions

9. Information Report

910. Encryption of e-mail attachments

1011. Data objects

12. Batch anonymization process







Anker
_

...

Toc64466627
_

...

Toc64466627
Introduction



The General Data protection regulation (GDPR) is a regulation within the EU on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive)
This regulation is binding within the member states of the EU and entered into force on 25 May 2018.
In order to comply with the regulation DaVinci will provide the possibility to call an information report for all personal data stored within DaVinci such as address data, banking data or booking data (Right of Access). Furthermore, DaVinci provide the possibility to anonymize personal data (Right of Erasure).
DaVinci supports both requirements as a standard solution. The new feature will be realized within DaVinci release 1079.



Anker
_

...

Toc64466628
_

...

Toc64466628
New check boxes in client profiles



There are three new check boxes within a client profile.

  • Kontakterlaubnis (contact permission) with which the user can steer whether the client allows contact or not
  • Kunde anonymisiert (client made anonymous), this checkbox will be set by the system when a client profile is set to made anonymous.
  • Kunde-Anonym.-Sperre with which the user can prevent the anonymization of a client profile.






Anker
_

...

Toc64466629
_

...

Toc64466629
New user right



The user right "Privacy protection" disables the field "Kunde anonymisiert" within the client profile.





Anker
_

...

Toc64466630
_

...

Toc64466630
Anonymization of client profiles



General approach:
The standard solution anonymizes a client profile directly from the search (both static and free search). The user can click on "Kunde anonymisieren". This triggers the anonymization of a client profile if all checks passes through.
If versions of client profiles are activated then all version of a client profile is affected by the anonymization.




Anker
_

...

Toc64466631
_

...

Toc64466631
Anonymization process



Anker
_

...

Toc64466632
_

...

Toc64466632
Client role



Only the roles Privat, Begleiter, Testkunde, Reisender and Interessent are applicable for anonymization.





In case an unsupported role is used, following message appears.




Anker
_

...

Toc64466633
_

...

Toc64466633
Pass Data


Pass data will be removed completely.


Anker
_

...

Toc64466634
_

...

Toc64466634
Emergency Contact


All emergency data will be removed completely.

Anker
_

...

Toc64466635
_

...

Toc64466635
Banking data


All banking data will be removed completely.

Anker
_

...

Toc64466636
_

...

Toc64466636
Client Cards


The Client Card number will be anonymized.







Anker
_

...

Toc64466637
_

...

Toc64466637
Test Case


Test client profile before anonymization





Client profile after anomyzation







Usually the client profile cannot be selected within the client search. For this example, the client profile was manipulated within the database to get it visible again.
Booking data:

Anker
_

...

Toc64466638
_Toc64466638
Error handling


The anonymization is not possible under following conditions.

  1. Wrong role is used:


Image Added

  1. Lock Anonymization setting is active


Image Added

  1. Bookings with departure in the future


Image Added
The return date of the booking is relevant.

  1. Existing open items


Image Added

  1. Existing duplicate


Image Added

  1. Active client card


Image Added
Here the client card active setting is decisive.


Anker
_

...

Toc64466639
_

...

Toc64466639
Assumptions






  • Clients connected to future bookings (as client and/or participant; exception cancelled bookings without costs) are not possible to anonymize. This is related to the The return date of a booking function as key indicator.
  • Invoices are subject to statuary retention periods. DaVinci fulfils these requirements by storing all invoices either in an archive database or archive folder as pdf. The anonymization process will only check whether there are future bookings linked to a client profile.
  • Clients with unpaid items are not possible to anonymize
  • Participant names without link to a client number will not be anonymized
  • Participants connected to client profiles can be anonymized
  • Fields will be anonymized and will be overwritten by 3 random letters
  • Duplicated clients have to be anonymized separately
  • The user has to call the anonymization manually in the client search per each client profile
  • Only certain roles of clients as mentioned above are applicable for anonymization









Anker
_

...

Prio

Nr.

Beschreibung

Status

1

16

Bei Timeout der Anonymisierung stürzt DaVinci ab

offen

2

17

Anpassung der Meldung in GUI an neuen Rückgabewert im Fall von Offenen Posten (anonymsrg. Verweigert)

offen

3

18

Löschen von Dubletten mit Dublettenzuordnung KU_DUBLETTE_REF_KUNR in der Kundentabelle

offen

3

19

Löschen von Dubletten mit neuer Kundennummer (TUIC-Variante)

offen

1

20

Anonymisieren von Mitreisenden soll unterbunden werden (sonst Meilenverlust)

offen

2

21

Kunden mit aktiven Clubkonten dürfen nicht anonymisiert werden

offen

1

23

Anonymisierungssperre anhand des Rückreisedatums anstelle Abreise

offen

3

24

GDPR_PROTOCOL um Kundennummer erweitern

offen

2

25

Keine Fehlermeldungen, obwohl Anonymisierung scheitert bei abweichenden Feldlängen sowie Vorliegen von offenen Posten

offen

2

26

Datumsfeld auf Inforeport

offen

3

27

Job und Transfertabelle

offen

...

Toc64466640
_Toc64466640
Information Report



The new report file STD_GDPR_Disclosure.rpt will be assigned under Adressen>DatenschutzInfo. This report is a XML report which requires a STD_GDPR_Disclosure.rpt.config and STD_GDPR_Disclosure.xsd^xsd.

The report requires following further scripts:

  • Sprachfelder_GDPR_Disclosure.sql
  • Textbausteine_STD_GDPR_Disclosure


By highlighting a certain client number in the client search the user can call the report.


The report shows all relevant personal data that is stored in DaVinci, i.e. the client's address and communication data, banking information, club information, passport and bookings connected with the according client number.

Anker
_

...

Toc64466641
_

...

Toc64466641
Encryption of e-mail attachments


In each booking document the user can set the assignment to encrypted.

When opening an attached pdf then it will be asked to insert a password.





The password is set by a stored procedure. By default it is defined to use the client`s ZIP code. However, it would be also possible to define another password logic.

Restriction: Password protection does not work for realtime fulfilment, request handling and lists.
Until DaVinci version 1079 5 this functionality works only for XML reports and not for ODBC Reports.



Anker
_

...

Toc64466642
_

...

Toc64466642
Data objects


There is a protocol table GDPR_PROTOCOL

The anonymization will be executed validation is done by Stored Procedure bewo_GDPR_CheckBusinessRelations.
The anonymization is done by Stored Procedure bewo_GDPR_Anonymize_Client.




Anker
_Toc64466643
_Toc64466643
Anker
_GoBack
_GoBack
Batch anonymization process



Since DaVinci Version 1083 a batch anonymization process is supported.

New parameter in Kunden section of the system settings.
Image Added
Here, the user can define the number of years after a client is valid for automated anonymization.
It was set to 99 years by default.



With the new stored procedure bewo_GDPR_Batch_Anonymization the user can call the batch process. The user can call it only once or automates it as a SQL job.

The call is exec dbo.bewo_GDPR_Batch_Anonymization or
exec dbo.bewo_GDPR_Batch_Anonymization @P_Debug = 1, this is just for testing purpose to check how many client numbers will be anonimyzed.
If you call the procedure without the parameter then all clients will be searched and the normal anonymization process will be started for all clients with a creation date > the number of years according the setting. The result can be either an anonymization or an error message according the validations mentioned in chapter 7.
In table GDPR_PROTOCOL successful anonymizations are listed.