The GDPR (General Data Protection Regulation) is a set of rules and regulations intended to give all individuals within the European Union and the European Economic Area more control over their personal data.
It applies to all organizations holding and processing EU residents' personal data, regardless of geographic location. If you store or process the data of EU individuals, GDPR will apply to you.
GDPR is mostly about your data processing policies and about being transparent about them. So how does this relate to project management in general and to the use or operation of ]project-open[?
Please try to answer the following questions first:
]project-open[ stores various types of data about a user. You will have to inform any non-employee that these data are stored and ask for their permission to continue storing them:
]project-open[ stores most data about users in the user object type. By default, this object contains the following fields:
]project-open[ includes the possibility to extend the basic user data with additional dynamic fields. These DynFields are installation-dependent. Please make a list of the user-related DynFields in your system and add them to the list above.
In addition to this basic user data, ]po[ also stores the relationship of users to other objects (projects, companies, inventory items, ...). This data is listed in the User -> Related Objects portlet on the user's page.
]project-open[ will store a complete list of changes that a user has performed to business objects, if you have installed the audit Enterprise package.
The audit data include the following information for each change:
Finally, each interaction of the user with the Web application server is stored in the Web server logs.
These data are different from the previous ones, as they are not stored in the database but in separate log files accessible only to system administrators. These files should be deleted periodically.
Please see the security architecture pages for details on the ]po[ security architecture. This architecture in general complies with GDPR requirements to keep user data safe.
However, GDPR compliance depends on the specific implementation of safety measures by you. For example, running a ]project-open[ system without regular updates violates the GDPR, because known security vulnerabilities may remain uncorrected.
GDPR requires you to perform the following actions at the request of a user, or for a user who does not agree to their data being processed. ]po[ in its default configuration allows you to perform all actions required by the GDPR:
Note: This article has been written by Frank Bergmann. Frank is not a lawyer, and this article is not legal advice.