GDPR

Search, Export, Correct, and Delete Personal Data Using the GDPR Search Personal Information View


Overview

You can use the System / Archibus Administrator - User and Security / GDPR - Search Personal Information task (ab-gdpr-search-data-subject.axvw) to find all personal information on a GDPR data subject and process GDPR requests.

In one place, this view lists the tables in the Archibus schema that hold personal information. The Others pane lists fields holding personal data that is unrelated to the Employees, Archibus Users, Craftspersons, Visitors, and Contacts tables. This panel includes fields from several tables, such as Insurers, Lessors, Teams, and so on.

gdpr_view.png

Search for a Data Subject

Use the filter at the top of the view to search for a GDPR data subject (person). The search finds all occurrences of this party. For example, as shown in the image below, Will Tram is listed in the Employees, Users, and Craftspersons tables.

To see all records that have GDPR information, do not complete any fields in the filter and choose Search.

gdpr_search.png

Review and Edit a Data Subject

To review a data subject, click its record in the appropriate pane. The view presents a pop-up form with details about that party. If the data subject is stored in multiple tables and has the same email address in all tables, the form lists a section for each table, as shown in the image below for Will Tram.

You can review and correct any information for the data subject from this form.

gdpr_all.png

The GDPR Removal Date for a Data Subject

The date_gdpr_removal field is found in the Employees, Visitors, Craftspersons, Contacts, and Archibus Users tables and is available for review and edit on the forms accessed from the GDPR - Search Personal Information view.

Setting a value in this field schedules the record for removal by the scheduled workflow rule (GDPRScheduledRemoval), which runs daily and deletes all records where date_gdpr_removal ≤ <current date>.

The date_gdpr_removal field indicates specific records to be anonymized. This can be useful when your site starts implementing GDPR and making bulk deletions. The administrator can look into the database and set date_gdpr_removal for employees, craftspersons, and so on, whose data no longer needs to be retained (for example, employees who no longer work in the company). This is a mechanism for bulk deletion instead of using the view to remove one record at a time.

Another use for this field pertains to handling situations in which the reference is incorrect. The scheduled workflow rule does not verify references for the retention period. Therefore, if an employee is no longer working in the company but for some reason is related to an activity_log record that does not have an end date, then the workflow rule cannot anonymize the employee until the reference is fixed. Setting a date_gdpr_removal value causes the scheduled workflow rule to remove that employee record, disregarding the reference.

When immediate removal of an employee, contact, craftsperson, user, or visitor is not possible because of references that are in the retention period, and the end of the retention period is known, the application schedules the record for removal by setting a value in the date_gdpr_removal field. The form presents this field so that you can see the generated values and edit them if necessary.

Editing the date_gdpr_removal field is useful but very powerful, and should be done with caution.

Take Action on a Data Subject

Each panel of information provides the following buttons for working with the data. These actions meet the rights of GDPR data subjects, as defined in the regulations.

| Button | Description | Meets GDPR Regulation |
| --- | --- | --- |
| Save | Save any information changes requested by the data subject to update the accuracy. | Article 16: Right to rectification |
| Anonymize | Use this button to anonymize individual records separately from the scheduled workflow rule. Deletes the record immediately and its references for which retention restrictions do not exist, or schedules for deletion where there are retention restrictions and they are fixed. The scheduled workflow rule automatically anonymizes appropriate data each night. See the below discussion. A message informs you of the result of the anonymization attempt. | Article 17: Right to erasure |
| Anonymize All | For a party whose email address is the same in the Craftspersons, Employees, and Archibus Users table, deletes the employee information in all three tables. If only some of the data can be anonymized, for example the user can be deleted but the employee cannot be deleted due to retention period restrictions, then the system presents a message conveying that all of the information cannot be deleted and advising you to delete records using the Anonymize button on the individual panels. | Article 17: Right to erasure |
| Export | Exports to Word all information that Archibus keeps on a data subject for all roles and all processes, regardless of what role they played in that process or if they have multiple roles (Employee, User, Craftsperson, Contact or Visitor). This information includes all Archibus processes (Work Requests, Work Orders, Move Requests, Projects, Action Items, Room Reservations, Hoteling Bookings) and all role fields (Project Manager, Approving Manager, Requested By, Requested For, etc.). | Article 15: Right of access by the data subject; Article 20: Right to data portability |

Anonymize a Data Subject (On Demand)

Although the scheduled workflow rule anonymizes data daily, on occasion you may need to manually anonymize data using the buttons in this view.

For example, suppose a company tracks its visitors and wants to keep visitor records for 3 years for statistical reasons. The value for the minimum retention period (MIN application parameter) is then 0 and the maximum retention period is 36 (3 years). Under the GDPR provisions, a visitor has the right to be forgotten, so the visitor can request that their data be deleted as soon as the visit ends. The administrator then opens the view in Archibus and anonymizes that visitor (on demand). If the visitor does not ask to be anonymized, the scheduled WFR deletes the record after 3 years, which satisfies another GDPR provision: data about a person is not retained longer than necessary.

Clicking the Anonymize button runs the GDPROnDemandRemoval workflow rule, which checks whether the data subject has references that are in the retention period and deletes the record only if there are none. Otherwise, the process tries to schedule removal by setting the maximum necessary value for date_gdpr_removal. Removal cannot be scheduled if there are references in the retention period with unspecified end dates. In this case, the process informs you that removal is not possible.

The Anonymize action has three possible outcomes:

  • Data subject could not be deleted, nor scheduled for removal because there is dependent data for which end dates have not been completed.
  • Data subject could not be deleted because the data subject has dependent data that must be retained. The data subject has been scheduled for removal (the action entered a value for the date_gdpr_removal field).
  • Data subject has been deleted.
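
The decision described above, modeled as an added example (this is not Archibus code). The Reference class, the function names, and the use of the minimum retention period for on-demand requests are assumptions made for illustration; the sample dates are constructed.

```python
import calendar
from dataclasses import dataclass
from datetime import date
from typing import Optional

DELETED, SCHEDULED, BLOCKED = "deleted", "scheduled", "blocked"

@dataclass
class Reference:
    """Hypothetical dependent record (e.g. a work request) naming the data subject."""
    end_date: Optional[date]   # None = end date has not been completed
    min_retention_months: int  # assumed retention applied to on-demand requests

def add_months(d, months):
    # Month arithmetic that clamps the day to the last day of the target month.
    years, month0 = divmod(d.month - 1 + months, 12)
    year, month = d.year + years, month0 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def on_demand_removal(refs, today):
    """Return (outcome, date_gdpr_removal) for the three outcomes listed above."""
    retain_until = []
    for ref in refs:
        if ref.end_date is None:
            # Open-ended reference: no retention end can be computed,
            # so the record can be neither deleted nor scheduled.
            return BLOCKED, None
        until = add_months(ref.end_date, ref.min_retention_months)
        if until > today:
            retain_until.append(until)   # reference is still in its retention period
    if not retain_until:
        return DELETED, None
    # Schedule for the latest retention end: the "maximum necessary value".
    return SCHEDULED, max(retain_until)

def scheduled_removal_due(date_gdpr_removal, today):
    # Mirrors the daily rule: date_gdpr_removal <= current date. References are
    # deliberately not consulted, which is why a manual edit bypasses them.
    return date_gdpr_removal is not None and date_gdpr_removal <= today

if __name__ == "__main__":
    today = date(2024, 3, 1)  # constructed sample data
    cases = {
        "visitor, visit ended": [Reference(date(2024, 2, 20), 0)],
        "employee, closed requests": [Reference(date(2024, 1, 10), 12),
                                      Reference(date(2023, 6, 1), 24)],
        "employee, open request": [Reference(None, 12)],
    }
    for name, refs in cases.items():
        print(name, on_demand_removal(refs, today))
```

Because scheduled_removal_due looks only at the date, a review of who edited date_gdpr_removal by hand is the control that matters for records with open references.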

Note: The data below from the US Federal Property Registry application gets anonymized, but references are not checked by the WFR. US users should consider the impact on this table if they use GDPR anonymization.

| Table | Field | Field Title |
| --- | --- | --- |
| grp | last_updated_by | Last Updated by |
| grp_trans | user_name_app_rej | User Name Approve/Reject |
| grp_trans | user_name_requestor | Requestor User Name |

Note: The System / Archibus Administrator - User and Security / GDPR Personal Information view displays a filter console containing the fields Name and Email. On all other databases, these fields are set to accept up to 128 characters. (APP-4792)