GDPR - Retrieving or anonymizing personal data

Contents

GDPR - Retrieving or anonymizing personal data

Overview

The General Data Protection Regulation (GDPR) introduces a single legal data protection framework for both businesses and individuals within the European Union (EU). The GDPR was approved on April 2016 and became directly applicable on 25 May 2018. As of that date, all companies (including those outside the EU) that control or process personal data relative to EU residents are obliged by the regulation to satisfy certain user rights.

When using Nexthink, companies store data that describes the digital behavior of end-users and allows their personal identification. This kind of personal data usually lies in the context of employment; that is, end-users are often employees of the company that controls and processes their data, although this may not always be the case. Even if the GDPR allows for specific rules to the processing of personal data in the context of employment (see article 88), the protection of this data is still under the GDPR, as long as your employees are EU residents. Consult your legal department in case of doubt.

GDPR in the Web Console

To help you comply with the regulation, the Web Console includes a GDPR-specific section that provides you the two following functions:

Retrieve user data
Article 15 of the GDPR grants data subjects the right to access their personal data. Run the script in this mode to retrieve all the data relative to a particular user or device.
Anonymize user data
Article 17 of the GDPR grants data subject the right to be forgotten. The script transforms the name of a user or a device to render the personal data unidentifiable.
GDPRWebConsole.png

These functions are available in either the Portal or the Engine databases according to the following table:

Function Portal Engine
Retrieve user data Yes Yes
Anonymize user data Yes No

Retrieving user data

To retrieve user data:

  1. Log in to the Web Console.
  2. Select the APPLIANCE tab at the top of the Web Console.
  3. Click the GDPR section on the left-hand side menu.
  4. Under Retrieve user data, check either:
    • Username, to retrieve all the data related to a particular user.
      Type in the name of the user as it appears in either the Finder or the Portal.
    • Device name, to retrieve all the data related to a particular device.
      Type in the name of the device as it appears in either the Finder or the Portal.
  5. Tick either one or both:
    • Engine data to retrieve user or device data from the federated Engines.
    • Portal data to retrieve user or device data from the Portal.
  6. Click DOWNLOAD DATA.
    1. In the GDPR Retrieve data dialog that shows up, read first the confirmation message about the operation that you are about to make.
    2. Type in the credentials of a Nexthink user with the Data privacy property set to none (full access) so that the user has access to the Web API:
      1. As Username, type in the name of the existing Nexthink user.
      2. As Password, type in the password of the existing Nexthink user.
    3. If you want to retrieve Engine data, ensure that the Engines that hold the user data show up in the Engines List. Remember that you can only retrieve data from federated Engines.
    4. Click CONTINUE.
  7. Wait for the data retrieval to finish.
  8. Optional: Click CLOSE to cancel the data retrieval process.
  9. Once the data retrieval is finished, the download of the file gdpr-data.tar.gz starts automatically.
    • If the download does not start automatically, click the link CLICK HERE.
  10. Click CLOSE.

The downloaded file is the result of compressing a set of CSV files that hold all the recorded activity of the user (if Engine data was retrieved) and the results of metrics that have any information related to the user (if Portal data was retrieved).

Anonymizing user data

To anonymize user data in the Portal:

  1. Log in to the Web Console.
  2. Select the APPLIANCE tab at the top of the Web Console.
  3. Click the GDPR section on the left-hand side menu.
  4. Under Anonymize user data, check either:
    • Username, to anonymize the data related to a particular user.
      Type in the name of the user as it appears in either the Finder or the Portal.
    • Device name, to anonymize the data related to a particular device.
      Type in the name of the device as it appears in either the Finder or the Portal.
  5. Tick Irreversibly anonymize Portal data to confirm your choice.
  6. Click ANONYMIZE DATA.
    1. In the GDPR Anonymize Portal data dialog that shows up, read first the confirmation message about the operation that you are about to make.
    2. Type in the credentials of a Nexthink user with the Data privacy property set to none (full access) so that the user has access to the Web API:
      1. As Username, type in the name of the existing Nexthink user.
      2. As Password, type in the password of the existing Nexthink user.
    3. Click ANONYMIZE.
  7. Wait for the data anonymization to finish.
  8. Optional: Click CLOSE to cancel the data anonymization process.
  9. Once the data anonymization is finished, the user is anonymized in the Portal.
  10. Click CLOSE.

Other mechanisms to comply with GDPR

In addition to the GDPR menu of the Web Console, remember that Nexthink provides you with other mechanisms that can help you comply with the GDPR:

Removal of devices
Helps you comply with the right to erasure by completely removing all the stored information about a particular device from the Engine.
Anonymization in traffic redirection
Helps you comply with the GDPR by removing all the information that can potentially identify a person from the Collector traffic received by the Engine.


Related tasks