Commit 18225926 authored by Bengfort's avatar Bengfort
Browse files

write data protection guides

parent 69f7c2d8
......@@ -17,6 +17,8 @@ Relevant guides:
- :ref:`subject-delete`
- :ref:`study-create`
- :ref:`study-delete`
- :ref:`data-protection-dashboard`
- :ref:`subject-export`
.. TODO::
.. _data-protection-dashboard:
Use the date protection dashboard
Click on **Data protection** on the front page to go to the data protection
dashboard. This dashboard lists tasks you need to take care of by initiating
follow-up steps for each category.
- **Export requested** lists all subjects who requested a GDPR export. See
:ref:`subject-export` for the necessary steps.
- **To be deleted**, **No legal basis**, and **Unreachable** all list
subjects who should be deleted for different reasons. See
:ref:`subject-delete` for the necessary steps.
In all those categories it usually makes sense to contact the subjects before
taking any action. For example, subjects often want only a part of their data
Most of the categories have legal time limits, so you should check the
dashboard regularly. Unfortunately, it is currently not possible to notify you
of new tasks. The only exception is **To be deleted**.
.. _subject-export:
Export all data related to a subject
According to GDPR, subjects have the right to get an export of all their data.
This is especially important for scientific measurements that need to be
provided in a common file format. Compared to that, the data stored in
castellum is rather simple (e.g. name and address). Still, it is possible to
generate a complete list of all the information that is stored in castellum on
a single subject.
1. In the subject details, go to the **Export** tab
2. If you see a message saying **No export requested**, you need to
explicitly **Request export**. The date of the request will be stored.
3. The complete list can be printed or otherwise stored.
4. Once the subject has received the export, click **Mark as answered** to
record how long it took to process this request.
......@@ -21,6 +21,7 @@ Welcome to Castellum's documentation!
......@@ -64,36 +64,15 @@ Relevant guides:
Data Protection Coordinator
The group of people who deal with data protection issues in the workplace should
take on the role of **Data Protection Coordinator** in Castellum. Technically,
Castellum provides a Data Protection Dashboard for this purpose. In this
dashboard, the **Data Protection Coordinator** can see subjects divided into
four categories:
- Subjects that requested information regarding their personal data,
- Subjects that have been marked as **To be deleted**
- This applies when a subject demanded a deletion of all scientific data
related to them.
- The **Data Protection Coordinator** can see all studies the subject
participated in. He will contact all **Principal Investigators** and demand
the deletion of collected study data (provided that these are still
attributable to the respective subject).
- Once all links to studies have been removed, the subject can be deleted
from the database.
- Subjects for whom there is no (or no longer any) legal basis for keeping
them in the database and
- Subjects who cannot be contacted due to missing or wrong information regarding
their contact details.
The **Data Protection Coordinator** has the task of cleaning up the dashboard by
initiating follow-up steps for each category.
To initiate such follow-up actions, the **Data Protection Coordinator** is enabled
to perform the following functions in the database:
The group of people who deal with data protection issues in the workplace
should take on the role of **Data Protection Coordinator**. Castellum supports
these users by providing a **data protection dashboard** that collects all
relevant information in a single place.
Relevant guides:
- :ref:`data-protection-dashboard`
- :ref:`subject-export`
- :ref:`subject-delete`
- :ref:`study-delete`
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment