Question

GDPR on one Society but not the other for same employee

  • November 7, 2025

Hello 

Can somebody help me with that point please?

There is a HOLDING with Company A and Company B

Employee SMI begins in Company A. 

She left Company A to go to Company B.

I want to anonymize Employee SMI Data (with Personal Data Processing) in Company A BUT NOT on Company B, in which the employee is still working?

Many thanks for your help, waiting to read your answers !

1 reply

  • Hero (Employee)
  • November 9, 2025

Hi Stephanie,

To begin with, please consider that most Personal Data, protected under GDPR and managed by the IFS Personal Data Management functionality, is connected to the object Person. Personal Data related to the Employment rather than the individual is, for instance, Salary.

Thereby, separate the setup of Processing Purposes between data which is connected to the Person object (and thereby should be kept when an individual is transferring between Companies in a Business Group) and the Employee object. If data linked to both Person and Employee is connected to the same Processing Purposes, then the removal of, for instance, an Employee’s Salary can result in also removing personal data on the Person. Thus, the more specific the Processing Purposes are, the easier it will be to delete data only for a certain area, and vice versa.

Once you have Processing Purposes separated between what is stored on the individual (Person) and the Employee, test the following in a test environment: Have an Employee in Company A and an Employee in Company B. Both must be connected to the same Person. Have Salary data on both Employees and a Processing Purpose which controls Salary. Then, either Terminate the Employee in Company A (and thereby remove the Processing Purpose for Salary), or manually just remove the Processing Purpose for Salary on the Employee in Company A. If the salary data in this test scenario is only removed on the Employee in Company A, and not the Employee in Company B - then you have a functioning routine for what you are asking.    

Also, when an Employee is terminated, the solution should be set up to have the Employee become part of a Former Employee Access Group - making it possible to limit the access to former employees to a minimum number of HR Personnel. Thereby, following a good access practice, regardless of the GDPR functionality.

(Note. IFS only provides system functionality relating to GDPR. IFS does not provide legal GDPR advice. Therefore, when assessing and/or setting up GDPR in an IFS solution, always consult with legal expertise.)

Regards,
Magnus
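
The test scenario from the reply above, sketched as a simplified model (an added example, not IFS code and not part of the original posts). The purpose names, field names and the `withdraw` rule are hypothetical; the model assumes that withdrawing a purpose on one Employee record anonymizes every field that purpose covers, including fields on the shared Person.

```python
import copy

ANON = "***"

# Constructed sample data: one Person (SMI) shared by Employee records in two companies.
STORE = {
    "Person": {"SMI": {"phone": "555-0100"}},
    "Employee": {("A", "SMI"): {"salary": "4200"}, ("B", "SMI"): {"salary": "4800"}},
}

# Two hypothetical setups: purpose -> set of (object, field) pairs it covers.
BROAD = {"HR_ADMIN": {("Person", "phone"), ("Employee", "salary")}}
SPECIFIC = {"CONTACT": {("Person", "phone")}, "SALARY": {("Employee", "salary")}}


def withdraw(store, purpose_map, company, person_id, purpose):
    """Anonymize every field the purpose covers for one Employee record.

    Assumption of this model: fields on the shared Person are in scope too,
    because the Employee record points at that Person.
    """
    for obj, field in purpose_map[purpose]:
        key = person_id if obj == "Person" else (company, person_id)
        store[obj][key][field] = ANON
    return store


def run_scenario(purpose_map, purpose):
    """Withdraw `purpose` for SMI in Company A and report what survived."""
    store = withdraw(copy.deepcopy(STORE), purpose_map, "A", "SMI", purpose)
    return {
        "a_salary_removed": store["Employee"][("A", "SMI")]["salary"] == ANON,
        "b_salary_kept": store["Employee"][("B", "SMI")]["salary"] != ANON,
        "person_kept": store["Person"]["SMI"]["phone"] != ANON,
    }


if __name__ == "__main__":
    # Broad purpose: Person data that Company B still relies on is lost.
    print("broad   :", run_scenario(BROAD, "HR_ADMIN"))
    # Specific purpose: only Company A's salary is anonymized.
    print("specific:", run_scenario(SPECIFIC, "SALARY"))
```

The three checks correspond to the pass criteria of the test described in the reply: salary gone in Company A, salary intact in Company B, Person data intact.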