- Defining items with personal data
- Starting the GDPR audit
- Implementing the records of processing activities and printing the folder
A GDPR audit is available to easily identify and monitor personal data in a WINDEV, WEBDEV or WINDEV Mobile application.
Defining items with personal data
Items with GDPR-relevant data can be defined in the data model editor.
To define the personal data:
- Open the analysis associated with the project.
- If a file item corresponds to personal data:
- Select the file in the analysis graph (or in the "Analysis" pane).
- Open the description window of the items (select "Description of items" in the context menu of the file).
- In the table presenting the list of items, the "GDPR" checkmark is used to indicate whether an item contains personal data:
- Check "GDPR" for the relevant items.
- Generate the analysis.
- If "Enable the "personal data" option when creating items" is enabled in the data file description window ("Options" tab), the "GDPR" option will be enabled for any new items in the data file.
The "GDPR" option can be unchecked at any time at item level if it is not required.
- The RGPD property is used to determine whether the "RGPD" option is checked for an item.
Caution: Implementing the "GDPR" option in the analysis makes the analysis incompatible with the earlier versions. This feature is available from version 23 Update 2. If the analysis is shared between several projects, once the "GDPE" option is implemented, this analysis can only be opened by a product in version 23 or later.
Starting the GDPR audit
To start the GDPR audit on the current project configuration:
- On the "Project" tab, in the "Audit and performance" group, expand "Static audit" and select "Audit of personal data (GDPR)". Remark: The GDPR audit can also be started from the data model editor: on the "Analysis" tab, in the "Analysis" group, click "GDPR audit".
- The window that is displayed includes several tabs:
- Audit by data source: This view is used to find the entire data affected by GDPR as well as tips (encryption requirements, visibility, ...).
- Audit by project element: This view is used to check the personal data accessed by an element (a window for example). This allows you to check (if necessary) the access requirement and to perform the modifications (deleting or checking the access for example. The elements based on a query containing data affected by GDPR are also listed.
Caution: The GDPR audit lists the uses of personal data for the current project (and project configuration), linked to the analysis for which the GDPR data was defined. If the analysis is shared between several projects, the audit must be performed in each project.
Reminder: The GDPR audit is used to find out the use of "personal" data defined in the analysis. To comply with the regulation, the personal data must also be secured. You can for example:
- Encrypt data (for the HFSQL databases, all you have to do is specify it in the data model editor).
- Protect the databases via identifiers: all you have to do is define users/passwords from the HFSQL Control Center.
- Protect the opening of data files by password (HPass on HFSQL databases).
- Encrypt the communications (HFSQL allows you to restrict the opening of connections to encrypted connections) and use SSL (https).
Implementing the records of processing activities and printing the folder
In the GDPR audit, the "Additional information" tab is used to:
- Create or include a record of processing activities.
To do so, expand and select the desired option: You can:
- select an existing record of processing activities ("Browse" option). All file formats can be used. The files in docx and xlsx format will be automatically opened and included in the printed GDPR folder.
- create a record of processing activities (from a template or from an empty document).
- Pr&int the GDPR documentation.
All you have to do is click the "Print the folder" button.
Remark: If a record of processing activities was specified, it is included in the printed folder. This folder presents the description and use of items containing personal data in the project.
This page is also available for…