Case study
In 2016, there were an increasing number of articles in the media about the forthcoming adoption by the EU Member States of a General Data Protection Regulation, known as the GDPR. At that time, data protection was already an important issue and it was about time for a unified regulation.
One of our clients contacted us shortly afterwards and said that they would like to start preparing for this in time, and they need our assistance as well. After a thorough study of the legislation, we saw that one of the most important things was the deletion of personal data from IT systems.
But we also immediately saw that we had to solve a number of logical, practical problems:
- the integrity of the database must not be compromised
- care must be taken when deleting debtors with more than one case
- it must be possible to handle complaints even after deletion
- there must be no conflict with the requirements of the accounting regulations.
As a result of the harmonisation of many aspects, our Anonymisation module was born.
Protection of personal data
The General Data Protection Regulation, or GDPR, came into force in the 28 EU Member States, including Hungary, in May 2018. The regulation is “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (Regulation (EU) 2016/679 of the European Parliament and of the European Council). Personal data is any information relating to a natural person or a business which makes it possible to identify that person, directly or indirectly.
Anonymization of documents
The regulation provides for the removal of personal data from IT systems under certain conditions. However, as these data are interlinked in numerous ways in the IT system, deletion would often lead to inconsistencies. Instead, anonymisation can be used to “anonymise” individuals whose data should no longer be stored in the system.
In the INDECS debt management system, the module archives the documents of closed cases and, if the process parameters are defined, anonymizes the individuals involved in the case.
The anonymisation is subject to the condition that the individual is only listed in the case to be anonymised and is not linked to another case (as a tax partner, heir, etc.). If he is, the anonymisation will not take place. Depending on the settings, the names and addresses of the individuals in the cases will be anonymised, and the telephone number, ID number, date of birth, mother’s name, tax number will be deleted.
The anonymisation module can perform anonymisation on individual cases or in bulk. It is important to stress that the changes made by the module cannot be undone!