Home
  • en
  • nl
  • fr
  • de
  • es

Designing the Group Editor

Laurens Mommers

COO

Over the past year, we have been working on improving the Link personal data and data sources function. It took us more time than we hoped for, because it appeared hard to make the user interaction really simple. From early November, we will make available the new Group editor. This enhances current functionality in order to give more freedom of expression and greatly facilitates the actual grouping activity.

Group Editor in PrivacyPerfect tool

What is the problem that this new function solves?

Article 30 GDPR remains rather vague as to what has to be laid down into your processing activity register. For instance, art. 30(1)c requires "a description of the categories of data subjects and of the categories of personal data" for a processing activity. Does this mean that you have to describe which categories of personal data are processed for a particular data subject category?

So many people, so many interpretations of the GDPR. We thought it would be a good idea to facilitate basically any interpretation that you might have. Therefore we have put together the following elements into the Group editor:

  1.  Data subject categories (literal concept from the GDPR)
  2. Personal data categories (literal concept from the GDPR)
  3. Personal data items (specification of personal data categories)
  4. Data sources (a term we coined for any system or source processing personal data)
  5. Retention terms ('time limits for erasure' in the GDPR)

Now, for each of these elements, it's up to you to make combinations. Once you start combining items from two or more elements, you are creating a group. This allows you to express all kinds of relations, depending on your own preferences and the situation in your organisation. To give a few examples:

  • To express that employee data with categories contact details and payment data are stored in ADP and will be retained for 3 years
  • To express that all data in SAP will be stored for 1 year
  • To express that all health data (a special category of personal data) for employees will be retained for only a month

Again, these are only a few examples; variations are endless. We expect guidance from supervisory authorities and the EDPB about the article 30 register to be published soon, and we anticipate following that guidance by allowing a maximum degree of flexibility in the PrivacyPerfect application. Below, we list a number of questions we anticipate could rise because of the introduction of this new functionality:

What are groups?

We chose the term ‘group’ to denote a relation between data subject categories, personal data categories, personal data items, data sources and retention terms. They allow you to express, e.g., that employees’ contact data (name, address, phone number) are stored in SAP with a retention terms of 3 years.

When will the Group editor go live?

This is currently expected to happen from October 25 onwards. Our customer contacts will receive a notification when the new function will be available. There will be online help in the form of an animation video and documentation in our manual.

How is the user interface improved?

There is no need anymore to open a different lightbox. You can easily add items to a group in the order you prefer. There are no required fields in a group: any combination of at least two different elements can be made.

Why facilitate so many combinations?

We have noticed that all our customers have different needs. One focuses on data sources (systems in which personal data are being stored) and makes this the primary ‘key’ for identifying processing activities, another is focused on personal data categories and retention terms. We want to make our application as flexible as possible for expressing such differences.

What happens with my current data?

Of course, all existing ‘links’ will be migrated to the new ‘groups’. The groups will be visible in the Add/Edit processing form. We will also continue to work on improving the accessibility of the group information in reports etc.

What is the ultimate purpose of the group editor?

PrivacyPerfect wants to offer a simple yet flexible solution for maintaining your privacy landscape and improving your privacy governance. The vagueness of the GDPR requires a software solution to facilitate different interpretations and approaches towards the registration obligations. The Group editor is one of the means towards this purpose.

 

gdpr guide