GDPR Functionality for Highstage

Goal

Highstage includes functionality that can assist a company in their GDPR efforts. The GDPR Module provides extended functionality and controls that enable Highstage to be compliant with the EU General Data Protection Regulation (GDPR)

Highstage does not by default support deletion of any file or information concerning Highstage objects. This GDPR module enables the company to remove associated files with highstage objects and thereby to comply with the "Right to be forgotten" stated by the European legislation. The functionality does this at the same time as leaving the full history of the impact from the feature.

The Highsage GDPR module does not automatically delete any files but instead creates needed controls that allow the Companies "DPO" or likewise responsible for addressing the problem. This document introduces this functionality covering both setup and usages of the feature.

Functionality

The GDPR module is designed with a number of controls in mind that aim to help the data responsible find relevant documents that have been flagged for personally identifiable information (PII) or similar private information.

When the GDPR Relevant flag is set for a document, the document will show up in GDPR List for the users. First when the GDPR Active flag is set the functionality handling deletion of the files is activated. When the function is activated, a retention date is set x amount of days in the future from this date. This day in the future represents the last date that the document files can be accessed before deletion. Until this day, the date can be extended, or GDPR deletion can be deactivated if deemed by the GDPR manager. By systematic reviewing the document flagged for PII, the company actively makes sure that only relevant documents are flagged for having PII or private information within. The GDPR manager can then routinely get an easy overview of files that need attention and easy controls for removal.

The length of the retention period can be centrally adjusted to accommodate multiple document types with separate requirements or individually set on each document if particular retention period is required.

When the disposal date is met, Highstage will automatically dispose of the affected documents. If suddenly deletion of a document is needed The GDPR Manager can manually dispose of an item when needed by, setting the GDPR active bit and pressing the Dispose button. This will dispose of the items immediately.

Controls

Lists

The GDPR module creates three lists which the data responsible can use to control affected documents.

• GDPR list - Give the responsible a full list of items where the GDPR relevant flag have been set, allowing him to search specifically on a document containing PII data.
• Watchlist - Contains documents that are approaching the retention date, giving access to items which should be reviewed.
• Disposelist - Give the responsible access to see a list of items which have been disposed

Extend the Retention date

The GDPR manager can extend the retention date on an item by either pressing the [Extend] button from the GDPR or Watch-list or directly from within the default form on the specific highstage document.

Manually dispose of an item

The dispose button enables the GDPR-responsible to dispose of the associated file content for a highstage document by pressing the [Dispose] button. The button is only available when the retention date is met. The dispose button is available from the Watch or dispose-list or directly from within the default form on the specific highstage document. It is possible for the GDPR-responsible to set the retention date to today's date and then press the [Dispose] button for an imitate disposal of the associated data. This action will remove associated files from an item folder. This action will be traced in the event log for the specific item.

Justification field

It is possible to reference a justification document to any GDPR flagged document, this document can, for example, contain the company's contract that allows them to have and use the specific data. If could also be a document describing the procedure that the company has about handling this data. There are no default limits or functionality related to the field should be used according to the companies data protection policy.

Installation

Highstage GDPR Are not bundled with Highstage by default but are available on demand as a customisation.

1. Go to https://www.turbostage.net/ts/ts/view.aspx?t=part&o=TS_TWEAK10194-1I
2. Download the zip package and unzip it in the Highstage tweak folder so all fines from the package are places inside a folder called "gdpr" inside the tweak folder.
3. Include the following two lines in the custom.schema.xml

1
<include src="/tweak/gdpr/gdpr.schema.xml" watchlistPeriod="300" gdprread="advanceduser" gdprAccess="activeresource1"/>
2
<job name="GDPR" interval="24:00" url="tweak/gdpr/gdpr.job.aspx" />

Remember to Apply the schema changes to the database, This is done by going to System -> Schema -> Apply

Setting GDPR Access

The ability to control who can set the GDPR flag on documents is controlled by the include parameter [gdprAccess], The parameter takes in vector role(s) that will be allowed to set/unset the GDPR-property for the item(s). It can also be combined with a separate vector role loaded from the AD groups or an existing one.

Example 1 - GDPR flag by User levels

As an example, the existing [userlevel] vector role could be used. This would give all users that can run that level access to enable the GDPR functionality.

xxxxxxxxxx
1
1
gdprAccess="SuperUser"

Alternatively the Advanced user level can also be used

xxxxxxxxxx
1
1
gdprAccess="advanceduser"

Example 2 - GDPR flag by Separate AD Group

The vector attributes in the GDPR module can also be combined with a vector role based on an AD group. For example, an AD group called [hsDocController] add the following line:

xxxxxxxxxx
1
1
<vector-role name="DocController" usergroup="hsDocController" description="Members of AD user group DocController" />

In addition change, the gdprAccess attribute to the name of the vector role in the schema include:

xxxxxxxxxx
1
1
gdprAccess="hsDocController"

Setting the ability to read GDPR settings

The ability to control who can see the GDPR settings for the documents is controlled by the include parameter [gdprread], The parameter takes in vector role(s) in the same way as the [gdprAccess] attribute, both existing and new vector roles can be used. The default example is that all users running as advanced users are able to see this information. However this can be changed to super users by changing the attribute to

xxxxxxxxxx
1
1
gdprread="SuperUser"

A full list of vector roles can be found under System -> Diagnostics -> Vector Roles

Configuration

Under document types in the options section on any document subtype the following settings are available:

• GDPR Relevant Mark this ItemType GDPR relevant so it can be safely tracked
• Justification Document Justification Document describing the reasoning for GDPR Relevance and/ or policy
• GDPR Active Mark this ItemType and it will be inheriting the GDPR active flag set by default and scheduled to be disposed of by default
• GDPR Retention Period Duration (in days) of the GDPR retention period
• GDPR Watchlist Period Duration (in days) of the GDPR watchlist period before disposing

Make a subtype GDPR Relevant by default

A document that share type usually shares characteristics. Therefore it is possible to enable GDPR on subtype level. This property makes sure that all new items created of that subtype have the GDPR relevance property set. This is the first parameter in the subtype options section called "GDPR Relevant".

Make a subtype GDPR Active by default

The "GDPR Active" property makes sure that all new items created of that subtype has the GDPR active property set by default.

Setting the retention period

The Retention date can be set on subtype level. Locate the desired subtype and under options, find the column [GDPR_Retentionperiod], the default date, by default this period is 365 days.

Setting the Watchlist period

The period that items should come up in the watch list can be controlled by setting the watch list period parameter in schema line. This is the number of days that an item should appear in the list before the retention date.

configuration of automatic disposal

configuration of automatic disposal

As this feature enable Highstage to delete data from the folder related to an item automatically, this setting has strong consequences. Therefore, It can be easily disabled. This is done by removing or commenting out the line in the schema where the GDPR job is included:

xxxxxxxxxx
1
1
<job name="GDPR" interval="24:00" url="tweak/gdpr/gdpr.job.aspx" />

It is possible to confirm that automatic disposal has been disabled, by pressing [Reset] and go to System -> JobList and checking GDPR in the job name. If there is no job including GDPR, then the automatic disposal is disabled.

Usage

After setting up the GDPR Module, the document needs to be flagged in order for Highstage to start tracking the PII containing documents. This can either be done manually document by document or set for all document of a specific subtype to be created with the GDPR relevant flag set as described earlier.

Behaviour by examples

It is only possible to set the GDPR active flag when the GDPR Relevance flag is set.

1. When GDPR Relevance is set
2. GDPR Active is shown

When a change is made on a document, the new revision inherit the GDPR properties.

1. When a new revision of a document is created
2. The New revision inherit the GDPR properties from the previous revision

Are GDPR properties set on any revision in the revision tree, the other revision inherit this. Both activating and deactivating GDPR Relevance.

1. When GDPR Relevance is set on any revision
2. All other revisions of that item inherit this property
3. Both revisions before and after the revision it was set on

When the GDPR Activate flag is set or unset, the retention date is changed.

1. When The GDPR Active flag is set,
2. The retention date is automatic set.
3. For other revisions of the same item, the Active flag is also set.
4. This result in retention date is also set on these revisions.

1. When The GDPR Active flag is unset,
2. The retention date is cleared.
3. For other revisions of the same item, the Active flag is also removed.
4. This result in retention date is similarly cleared for these revisions.

Flagging a specific document

All users who have the [GDPRread] vector role configured in the schema, can set the GDPR flag and retention date. Under the document in the Options section, the GDPR section should now be available.

By activating the GDPR field, Highstage will automatically set the standard retention date to Today's date + the retention period. Like any other change in Highstage, it is tracked in the Eventlog when a property is changed.

Mass adding the GDPR-property for items

The organisation properly already have a lot of documents they want to add. These items should be added manually. Just go to search documents, choose the grid [GDPR], remember to set the filter to all revisions if previous versions of a document also contained PII.

Mark all relevant documents and set the GDPR flag, if all documents should be flagged, use the [Select all] in combination with the * in search parameters. When the GDPR Checkbox is set for all relevant items. Changes take effect from the moment the bit is set. A retention date for the item will be set according to Today's date + the retention period.

Remove GDPR-property from an item

To remove GDPR functionality from an item, view the item as an advanced user, and under Option -> GDPR remove the checkmark from GDPR.

The GDPR Menu

When adding GDPR functionality to Highstage, a new menu item will be added to the menu section Documents. It includes the following elements:

The menu allows the Data responsible, to easy access and review GDPR flagged documents.

GDPR list

This menu link shows a search grid of all items that have the GDPR Bit set. This allows easy search in all relevant items.

Watch List

This list of items allows the user to extend the retention date for a specific item. The item will show up in the list when the items retention date is closer than the watch list parameter.

Disposed list

This list of items allows the user to see which items have met the disposed of date and have been deleted.

Disposing of an item

When the Data responsible have disposed of an item, the GDPR section changes its appearance and text indicating the associated files have been deleted is shown.

In the associated Eventlog, a list of GDPR changes is present together with a list of the deleted files.