Erase personal data stored in the XTRF system
- Oksana Vishchuk
Introduction
GDPR, which took effect on May 25th, 2018, among other reasons and regulations, requires companies to delete personal information upon request.
To comply with these requirements, XTRF introduced a new method for erasing the collected data of your clients, vendors, their contact persons, and Home Portal users.
By default, the XTRF Platform doesn't allow deleting entries that have been involved in other parts of the system. For example, when a project is created for a specific client, their account cannot be deleted as it is linked to the project. If a vendor is engaged in a job, their details are 'locked' in a different part of the database: project, payables, notes, etc. Similarly, users who manage projects, create documents, and are assigned to other roles in the system cannot simply disappear from it. Therefore, the Delete option, which removes the profile completely, cannot be used in most cases.
How do we comply with the data-erasing requirement?
As some elements of the database cannot be deleted, XTRF will remove personal data by overwriting it. As a result, the original personal data will not be available in your XTRF. You will not know who was the original company or person behind the anonymized profile.
XTRF will delete any details it can, leaving the fields empty. Mandatory fields will be populated with random strings of digits and an ‘Erased’ tag so that you can easily identify and filter them out when browsing or reporting.
The anonymized client, vendor, and contact profiles will be deactivated.
In CRM items, the information about e-mail recipients will be removed.
The related entries in the History tab will be anonymized.
Individual directories on the XTRF server will be renamed according to anonymized names.
Related personal files can be deleted or not, according to your preferences.
Similar procedures are used to erase Home Portal users' personal data. All values will be deleted from fields, and mandatory fields' values will be anonymized, as they cannot be empty.
Erasing personal details cannot be undone! However, after you erase personal data from a specific profile, you can still edit it and restore details manually. Therefore, the erasing can be performed on a profile multiple times.
Erasing personal data will not affect related quotes, projects, invoices, and other XTRF Platform items in terms of their basic parameters (languages, specializations, jobs, dates, etc.). Instead, anonymized values will appear in client, vendor, contact person user-related fields. You will still be able to find those items, display all their details except the personal data, and create reports on them.
How to perform data erasing?
The Erase Personal Data button is available in the following Home Portal areas:
In edit mode in each client, vendor, contact person and user profile.
In the Delete dropdown in the Client, Vendor, and Contact browsing view.
After you click the Erase Personal Data button, the following popups will be displayed:
For clients and vendors:
Here you can additionally specify whether you want to
simultaneously erase all related contact persons' personal data.
delete associated personal files from the disk (for details, see the https://help.xtm.cloud/xtrf/home-portal/modules/en/personal-files-subtab--vendors-.html article).
For contact persons and Home portal users:
Click the Yes, Erase button to confirm the action.