This manual introduces Atomia's GDPR-related features. It covers the installation and configuration needed to enable them.
The General Data Protection Regulation (GDPR) is a privacy and security law that was drafted and passed by the European Union (EU). It imposes obligations on organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018.
GDPR in Atomia
Starting with version 18.4 of Atomia (with upgrades in the following versions), the Atomia platform includes GDPR-related features and several tools that help companies using the platform to be GDPR compliant. Specifically, the tools support the Right of Access (Article 15), Right to Portability (Article 20), and Right to erasure (Article 17).
The major GDPR-related change is a new GDPR Web API, which is installed as a separate Atomia component. All GDPR-related data fetching and manipulation is done via this API. The API is called from other Atomia components (GUI, Billing), but it can also be used directly when there is a need to integrate with a larger GDPR solution that a company using Atomia already has set up.
Right of Access (RtA) and Right to Portability (RtP)
The RtA and RtP are implemented as a new GDPR search page in the Atomia Admin Panel that lists the personal data and has an option to export the search result set. More information about the page can be found here.
Right to erasure (RtE)
The RtE is performed via anonymization in all main Atomia databases (Account, Billing, Provisioning). Anonymization means that personal data is replaced with an empty string in almost all cases. Personal data includes First/Last name, Address, Email, City, Country, Zip, Phone, Fax, IpAddress, username…
Retention-based Erasure of unstructured personal data
This feature covers cleanup of various logs and account content, in storage such as databases or server files, that can hold traces of unstructured personal data from either active or terminated accounts. It affects the following logging mechanisms:
- DomainReg log (database log)
- Web server logs (multiple file system logs on multiple servers)
- Windows Event Logs (multiple servers)
- Audit log (database log)
- ActionTrail log (database log)
- Email sending buffer (database log)
However, since this setup is highly dependent on the Atomia client environment, please contact our support (use support code PROD-1022) to get more details about how to configure this behavior.