Skip to content
Find file Normal view History Permalink
data-protection.rst 2.45 KiB
Newer Older
TiG's avatar
add headings for user guides  
TiG committed
1 2 3 4 5 
==========================
Data protection: workflows
==========================
Bengfort's avatar
write data protection guides
Bengfort committed
6 7 
.. _data-protection-dashboard:
Bengfort's avatar
fix typo  
Bengfort committed
8 
Use the data protection dashboard
Bengfort's avatar
write data protection guides
Bengfort committed
9 10 11 12 13 14 
=================================

Click on **Data protection** on the front page to go to the data protection
dashboard. This dashboard lists tasks you need to take care of by initiating
follow-up steps for each category.
Bengfort's avatar
adapt data protection guide to new UI  
Bengfort committed
15 16 17 18 
-   A subject is tagged **Export requested** if they requested a GDPR export.
    See :ref:`subject-export` for the necessary steps.
-   A subject is tagged **To be deleted**, **No legal basis**, or
    **Unreachable** if they should be deleted for different reasons. See
Bengfort's avatar
write data protection guides
Bengfort committed
19 
    :ref:`subject-delete` for the necessary steps.
Bengfort's avatar
mention Unnecessary recruitment data for data protection dashboard  
Bengfort committed
20 21 22 
-   A subject is tagged **Unnecessary recruitment data** if they have
    recruitment data, but no recruitment consent. See
    :ref:`subject-unnecessary-recruitment-data` for the necessary steps.
Bengfort's avatar
write data protection guides
Bengfort committed
23 24 25 26 27 28 

In all those categories it usually makes sense to contact the subjects before
taking any action. For example, subjects often want only a part of their data
deleted.

Most of the categories have legal time limits, so you should check the
Bengfort's avatar
fix note in data protection notifications  
Bengfort committed
29 30 
dashboard regularly.
Bengfort's avatar
use hint and example consistently  
Bengfort committed
31 
.. hint::
Bengfort's avatar
fix note in data protection notifications  
Bengfort committed
32
Bengfort's avatar
refine wording  
Bengfort committed
33 34 
    It is recommended to configure an email address that should receive email
    notifications about new data protection tasks. Please ask your system
Bengfort's avatar
replace CASTELLUM_DELETE_NOTIFICATION_TO by CASTELLUM_GDPR_NOTIFICATION_TO  
Bengfort committed
35 
    administrator to setup ``CASTELLUM_GDPR_NOTIFICATION_TO``.
Bengfort's avatar
write data protection guides
Bengfort committed
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 


.. _subject-export:

Export all data related to a subject
====================================

According to GDPR, subjects have the right to get an export of all their data.
This is especially important for scientific measurements that need to be
provided in a common file format. Compared to that, the data stored in
castellum is rather simple (e.g. name and address). Still, it is possible to
generate a complete list of all the information that is stored in castellum on
a single subject.

1.  In the subject details, go to the **Export** tab

2.  If you see a message saying **No export requested**, you need to
    explicitly **Request export**. The date of the request will be stored.

3.  The complete list can be printed or otherwise stored.

4.  Once the subject has received the export, click **Mark as answered** to
    record how long it took to process this request.
TiG's avatar
add verification warning to export  
TiG committed
59 60 61 

.. warning::
Bengfort's avatar
Gardening  
Bengfort committed
62 63 
    These steps only outline the data export from a software view. Your institute should provide organizational steps
    to verify actual identity of the requester. Furthermore, secure transfer of exported data needs to be set up.