Data Cockpit


In a Nutshell

The Data Cockpit feature is intended for Data Protection Officers to view and manage PERSONAL data associated with data subjects, and manage timeframes for the retention of this data.

The Data Cockpit consists of two components:

Data Subjects This tab is used to search for, view, edit, and or delete data marked as PERSONAL associated with a data subject.
Personal Data This tab is used to view, block, unblock, and delete data object records that have PERSONAL data linked to them.

Access

The Data Subjects tab can be located by navigating to Admin > My Account and then selecting either the Data Subjects or Personal Data options from the menu:




Data Subjects

The Data Subjects tab is used to view and manage data subject information. When searching for data subject information, any field marked as containing PERSONAL data will be displayed in a list. You can then select a data subject record and view all PERSONAL information linked to it.




Fields Containing Personal Data

The following fields are considered as personal data when linked to a data subject:

Field Description
Username The username associated with the data subject. This username is used to login to the application.
First Name The first name of the data subject.
Last Name The last name of the data subject.
Email Address The email address associated with the data subject.
Title The title of the data subject.
Phonenumbers The phone number/s associated with the data subject.
Skype ID The Skype ID associated with the data subject.
Fax The fax number associated with the data subject.
Pager The pager number associated with the data subject.
Addresses The address/es associated with the data subject.
User defined fields If applicable, the additional user-defined fields associated with the unifiedPerson DTO that have been created for the company. The classification level for user-defined objects are set in the Custom Objects tab.

Delete Personal Data

Using the Data Cockpit, you can query for data subject records, and delete all personal data that makes a data subect identifiable in order to fulfill a “right to be forgotten” request. Personal Data which is deleted will be synchronously deleted within the Elastic Search tables - if the synchronization is not working propperly, the nighlty synchronization will remove the personal data from the elastic search.


Edit Personal Data

In order to align with the “Right to Rectification”, data subject records can be edited. By selecting the edit option, all fields marked as containing PERSONAL data associated with the data subject can be edited as needed.


Download / Backup

When one data subject is selected, an export file of all data liked to the data subject by clicking the “Download” button. This action is not logged.

A security check will then prompt the user and ask whether they are allowed to delete or if the data must be maintained as part of a legal hold.

  • If YES: the data is permanently deleted, the data subject can not be identified anymore. All data except the email address will be removed. The email address is not removed but annonymized and replaced with “deleted.[timestamp]”
  • If NO: a reason must be entered as to why the data wasn’t deleted.

The not deletion note will be saved to the data subjects data and is visible to those with access to the Data Subjects feature.


Personal Data

The Personal Data tab is used to view and manage PERSONAL data associated with other Data Object Types (example: business partners, contacts, etc.). From this tab, you can query for data objects that contain personal data, block the associated personal data and set retention dates (optional), delete personal data, and unblock personal data.




Block Object

By blocking an object record, the record will no longer be visible or available for use in the application.

The following outlines the steps for blocking an object record / placing it on legal hold:

  1. Search for the objectType of the record you would like to block by entering objectType={object} in the search field, where {object} equals the objectType with personal data associatd with it (example: BusinessPartner, Contact, etc):



  1. Click the object ID of the record you wish to block.
  2. Select the Block/Hold option:



  1. You will then be prompted to enter the following:



Field Description
Retention Date Optional The date till which the record will be retained. During this time the record will not be visible nor can it be used/processed in the application.
Reason Required. The reason why the record is being held/retained.
  1. Confirm the retention / blockage by clicking Approve.
  2. The blocked object will no longer be visible / processed in the application. For the mobile application, this will occur following the next sync.

Unblock Object

By unblocking an object record, the object will become visible and available for use in the application.

The following outlines steps for deleting or unblocking an object record.

  1. Query for all blocked objects by entering isBlocked in the search bar.
  2. A list of all blocked objects will be displayed with the following information:



Field Description
Object Type The type of object associated with the record (example: contact).
Object ID The unique alphanumerical ID associated with the object.
Retention Date The rention date associated with the record.
Reason The reason why the record is being held/retained. A reason is given when an object record is blocked.
  1. Click on the object ID which you would like to unblock.
  2. Select the Unblock option:




Delete Object

By deleting an object record, the personal data associated with the record will no longer be stored in the application. Prior to completing deletion, you will be able to download the personal data to archive elsewhere if necessary.

The following outlines the steps for deleting the personal data linked to an object record:

  1. Search for the objectType of the record you would like to delete by entering objectType:{object} in the search field, where {object} equals the objectType with personal data associatd with it (example: BusinessPartner, Contact, etc):



  1. Click the object ID of the record you wish to block.
  2. Select the Delete option:



  1. Confirm the deletion.
  2. Personal data from the object will be removed.

For integrated systems users (example: SAP B1 connector): you must ensure that the personal data has also been deleted there as well.