1 year ago

EU-GDPR data protection requirements and versiondog

  • Text
  • Versiondog
  • Gdpr
  • Auvesy
  • Requirements
  • Germany
  • Stored
  • Software

AUVESY's position on

AUVESY's position on data protection for the US market must fulfil the requirements of the Food and Drug Administration (FDA), hence data must be stored for a comparatively long period of time in order to provide long-term verifiability that all FDA rules were adhered to. A similar situation exists in the automotive industry with regard to the manufacture of safety-related components. Data collection and processing The versiondog software qualifies as privacy-friendly according to the criteria set by the GDPR. Chapter IV, Article 25 defines these as "Privacy by Design" and "Privacy by Default". The versiondog data management system satisfies them both to the greatest possible extent. With regard to "Privacy by Design", versiondog limits the amount of personal user data that it requests to the minimum necessary. Furthermore, the versiondog system administrator can decide whether a name or an anonymised user number is appended to a Check-In. The administrator can alter this setting individually for any user at any time. Additionally, there is only one mandatory user details field; in line with the criterion "Privacy by Default", this field does not require a user's real full name. Any username or pseudonym can be entered. The administrator is also able to anonymise logged user data retrospectively. Thus versiondog administrators have the technical means to ensure that personal data is handled as required by Chapter IV, Article 25 of the GDPR. Protection of personal data against misuse The purpose of the versiondog data management software program is to store data. It does so in the form of versions, which are committed to the system database by the user. versiondog stores data centrally on Check-In, from where it is available to other users to Check-Out. As such, the latest approved version can always be obtained from the system. The Check-In of a version of a project can be deemed to be the point of approval and release. In this way, it will be clear which user made changes before a release and what those changes were. From the viewpoint of confidentiality and the protection of personal data against misuse, the versiondog software was designed to ensure the following: - When a version is created, only the time and date when the data was stored is recorded. The length of time the user spent working on the project is neither visible nor recorded. The only thing that is visible is the fact that there is a new version available. It is not possible, either manually or automatically, to deduce from the change history or the data storage © AUVESY GmbH · Fichtenstrasse 38 B · 76829 Landau in der Pfalz, Germany Last updated: 17/05/2018 Page 2 of 5

AUVESY's position on data protection actions any personal performance factors, such as diligence, mistakes, discipline or hours worked. - versiondog does not evaluate the quality of changes when versions are created. Differences are only detected for the purposes of storing and safeguarding data. - Users are free to decide whether or not they store intermediate versions with unfinished changes. There is no requirement to create a version at any specific point in time and no requirement to create versions at a specific frequency. There are no versiondog settings that can be used to do this. The user decides when to create a version. - The changes that are to be made before the creation of a new version of a project are decided upon by the versiondog user. The user is also responsible for documenting the changes. versiondog shows that changes have been made, but does not appraise or evaluate them in any way. Because versiondog stores data for the purpose of change management, the question might arise as to whether or not the personal data gathered is also used as a means of employee surveillance. In view of the foregoing explication of data protection within the software, AUVESY's clear and unequivocal answer to this question is that it is not. Access to and erasure of personal data in versiondog in accordance with the GDPR One of the fundamental changes brought about by the new data protection regulation is the right to erasure ('right to be forgotten'). Chapter III, Article 17 of the GDPR states that "The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay . . . ". And Chapter III, Article 15 of the GDPR states that "The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data . . . ". Any response to such an enquiry must include details about how the data is stored as well as the type and extent of the processing that it is subject to. A legitimate request from the person for their data to be deleted must be complied with. The facility to meet the obligation to comply with a legitimate request to delete personal data in © AUVESY GmbH · Fichtenstrasse 38 B · 76829 Landau in der Pfalz, Germany Last updated: 17/05/2018 Page 3 of 5

versiondog Factsheets collection

© Copyright 2020 AUVESY GmbH - All rights reserved.