Personal data in statlook system

Statlook and its compliance with GDPR

The GDPR defines ‘personal data’ as a wide range of information concerning an identifiable person. These pieces of data allow one to identify such a person in a direct or indirect way.

Thus, many personal identifiers count as personal data. These include names, ID numbers, location data and online identifiers. Technological development is also taken into consideration, which concerns the means by which organizations collect data about both workers and clients.

Another matter is defining personal data processing. GDPR describes it as collecting, recording, organising, structuring, storing, modifying, consulting, using, publishing, combining, erasing, and destroying data.

statlook is therefore a program that takes part in personal data processing. Below, we present the solutions that help you comply with the provisions of the GDPR.

Adding and editing personal data

The statlook system includes an employee form. With it, you may add and edit your workers’ personal data as needed.

The personal data gathered by the program are as follows:

  • Name – the name of an employee
  • Surname – the surname of an employee
  • Phone number – the cell phone number of an employee
  • Landline – the landline phone number of an employee
  • Localization – the address or office number of an employee
  • Login – the login of an employee used in Windows domain
  • SID – the domain ID of an employee
  • Photo – the photo of an employee

Figure: Form preview in Master console (an example of employee form usage)

Moreover, the form automatically fills in such data as:

  1. The date of creating the record,
  2. The name of the user who created the record,
  3. The date of last data modification,
  4. The name of the user who last modified the data
  5. Full history of changes done on the employee’s data

Figure: Employee history preview in Master console

Personal Data Record

The statlook system enables its users to generate, print and save reports. The employee report may be generated either for a group or for selected employees.

The report is easy to configure and generates data which allows you to identify people. It includes such information as:

  1. The date of creating the record,
  2. The name of the user who created the record,
  3. The date of last data modification,
  4. The name of the user who last modified the data

Figure: A preview of the employee report in Master console (a personnel report from statlook system)

 

The model of personal data processing in statlook system

Three-level system architecture

  1. Statlook system consists of 3 layers:
    1. uplook Agents
    2. uplook Server – including the program’s database
    3. Master Console – the software that operates the system
  2. Personal data processing takes place at the last two levels of the system:
    1. The application server and the program’s database (storing, deleting and modifying data based on the information from Master Console)
    2. Master Console – the software that operates the system (each module of the program enables its administrators and authorized workers to create, modify and delete personal data)

 

The description of personal data structure in a database

The database used by statlook consists of tables and the relations between them. They are used to store information concerning personal data. The relations and field descriptions are presented in the diagram below:

 

ucoUser – includes basic information about the employees. Personal data and contact details are gathered in such fields as:

  1. Id – the id of the user within a system, field type [int] IDENTITY(1,1) NOT NULL
  2. FirstName – the name of the employee, field type [nvarchar](128) NOT NULL
  3. Second Name – the second name of the employee, field type [nvarchar](128) NOT NULL
  4. LastName – The surname of the employee, field type [nvarchar](128) NOT NULL
  5. eMail – The employee’s e-mail address, field type [nvarchar](255) NULL
  6. Phone – the employee’s landline number, field type [nvarchar](64) NULL
  7. Mobile – The employee’s cell phone number, field type [nvarchar](64) NULL
  8. FAX – The employee’s fax number, field type [nvarchar](64) NULL
  9. Icon – The employee’s photo, field type [image] NULL
  10. Thumbnail – a thumbnail of employee’s photo, field type [image] NULL
  11. IdLocation – a number that identifies the employee’s location in the corLocation table, field type [int] NULL

The ucoUser table relates to the corLocation, corUserAttribute, corCompany, corUserAccount and corUserLogin tables.

corLocation – contains basic data about the location and contact details. The table relates to the ucoUser table. The fields containing contact details are listed below:

  1. Location – a field containing the location data entered into the system, field type [nvarchar](max) NOT NULL
  2. Id – the ID of the location within the system, field type [int] IDENTITY(1,1) NOT NULL

corUserAttribute – includes data concerning additional attributes of the employee. The system has predefined attributes, which include Address, City, ZIP code and ID number. The table relates to the ucoUser table. The fields containing personal data are listed below:

  1. Value – contains value of the attributes associated to employees, field type [Value] [nvarchar](max) NULL
  2. IdOwner – contains an employee’s ID within the system, field type [IdOwner] [int] NOT NULL

corCompany – includes personal data and contact details of providers registered in the system. The fields containing personal data and contact details are listed below:

  1. Id – an ID describing a provider within the system, field type [int] IDENTITY(1,1) NOT NULL
  2. Name – a name of the provider registered within the system, field type [nvarchar](255) NOT NULL
  3. REGON – REGON number of the provider registered in the system, field type [nvarchar](64) NULL
  4. Address – an address of the provider registered in the system, field type [nvarchar](255) NULL
  5. ZIP – a ZIP code of the provider registered in the system, field type [nvarchar](32) NULL
  6. Phone – a phone number of the provider registered in the system, field type [nvarchar](64) NULL
  7. Town – a town of the provider registered in the system, field type [nvarchar](128) NULL
  8. Province – a province/voivodship of the provider registered in the system, field type [nvarchar](128) NULL
  9. Country – a country or region of the provider registered in the system, field type [nvarchar](64) NULL
  10. Phone – phone number of the provider registered in the system, field type [nvarchar](max) NULL
  11. Fax – fax number of the provider registered in the system, field type [nvarchar](max) NULL
  12. Email – email address of the provider registered in the system, field type [nvarchar](max) NULL
  13. ContactPerson – name and surname of the contact person or the provider, field type [nvarchar](max) NULL

corUserAccount – includes information about the user’s account:

  1. IdUser – an ID of the user registered in the system, field type [int] NOT NULL
  2. Login – a user-friendly ID that the user logs in to the system with, field type [nvarchar](128) NOT NULL

ucoUserLogin – includes information about the employee’s logging in to the system:

  1. IdUser – an ID of the user registered in the system, field type [int] NOT NULL
  2. Login – a user-friendly ID that the user logs in to the system with, field type [nvarchar](200) NOT NULL
  3. SID – a unique domain ID, field type [nvarchar](128) NOT NULL
  4. PrincipalName – a login in a format that follows the Internet standard, field type [nvarchar](250) NULL

Access to personal data

Access to personal data is possible only after logging in to the system. Each user must have a unique login and password. Rights to access the data are granted according to the user’s permissions in the statlook system. It is the IT administrators’ duty to control access and secure the databases.

Password policy

It is possible for administrators to set parameters of password complexity. Statlook allows you to control the quality of passwords used by the end-users.

Possible configuration in ‘Password policy’ window

 

Name – Description

  • Enable password policy for uplook accounts – enforces the use of passwords of minimal complexity: 8 characters, a capital letter, a lower-case letter, and a number or special character
  • Minimal password length – sets the least number of characters that can make up a password
  • Maximum password age – determines the number of days during which the password remains valid
  • Minimal password age – sets the period for which a password must be used before it can be changed
  • Enforce password history – determines the number of unique passwords that must be used before an old password can be reused
  • Users must change password at next logon – enforces a change of password at next logon

Access privileges

The statlook system enables you to limit the data an end user can process by defining their privileges. The settings combine two dimensions: the range of access to modules and the range of access to the corresponding departments.

To manage and edit personal data, the user has to be given access to the Personnel module, as well as access to the departments in which he will be allowed to view and manage the data.

Communication

The architecture levels are connected using the HTTP and Net.TCP protocols. In both cases, it is possible to use an encrypted connection in order to ensure the security of data. Doing so requires an SSL certificate.

Data loss prevention

Preparing a backup

A dedicated tool for creating database backups is installed together with uplook Server. The backups are highly compressed, and only employees who have the appropriate tool are able to read them.

  1. Launch DataBackup.exe (in uplook server installation folder)
  2. Use operation type: Create a backup of uplook active database or plan to create a task of automatic copy creation
  3. Enter the access data to the source database
  4. Choose the location of the backup
  5. Choose the option: Stop uplook server for the time of copying and enter Master Console administrative authorization.
  6. To plan further backups on an ongoing basis, use the Plan task… option
  7. Enter the name of the task (e.g. Copy Statlook) and define the period during which it will be performed

The right to be forgotten

The right to be forgotten at the level of Master Console

In order to delete personal data from the system, open the Personnel tab in Master console. From the employee tree, choose the person whose data ought to be deleted. Right-click to open the context menu and choose the ‘Delete employee’ option.

How to delete personal data in Master Console

The right to be forgotten at the level of database engine

To delete the data using the database engine, connect to the database that stores the statlook system data. Next, proceed as follows:

  1. Run the query SELECT * FROM ucoUser
  2. Find the worker whose data will be deleted and note his ID
  3. Run the query DELETE FROM ucoUserLogin WHERE IdUser = x ; x being the aforementioned ID
  4. Run the query DELETE FROM ucoUser WHERE Id = x ; x being the aforementioned ID
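
The database-level steps above, run as a single transaction and followed by a check for leftover rows. This is an added T-SQL example, not part of the original article or of statlook's own tooling. It assumes SQL Server and uses only table and column names listed on this page; the ID value 42 is a constructed placeholder.

```sql
-- Added example (T-SQL, SQL Server assumed); not statlook's own script.
-- Table and column names are the ones listed in this article; the login
-- table is spelled ucoUserLogin, as in the deletion steps above.
SET XACT_ABORT ON;          -- any runtime error rolls the whole transaction back

DECLARE @IdUser int = 42;   -- constructed placeholder: the Id found in ucoUser

BEGIN TRANSACTION;

-- Steps 1-2: confirm the Id matches exactly one employee before deleting.
IF (SELECT COUNT(*) FROM ucoUser WHERE Id = @IdUser) <> 1
BEGIN
    ROLLBACK TRANSACTION;
    THROW 50000, 'No single ucoUser row matches @IdUser; nothing deleted.', 1;
END;

-- Show the operator which employee is about to be erased.
SELECT Id, FirstName, LastName FROM ucoUser WHERE Id = @IdUser;

-- Step 3: remove the login, SID and PrincipalName.
DELETE FROM ucoUserLogin WHERE IdUser = @IdUser;

-- Step 4: remove the employee record itself.
DELETE FROM ucoUser WHERE Id = @IdUser;

COMMIT TRANSACTION;

-- Verification: count rows still tied to the Id in the tables that the
-- article describes as holding data keyed by the employee's ID.
SELECT 'ucoUser' AS TableName, COUNT(*) AS RemainingRows
    FROM ucoUser WHERE Id = @IdUser
UNION ALL
SELECT 'ucoUserLogin', COUNT(*) FROM ucoUserLogin WHERE IdUser = @IdUser
UNION ALL
SELECT 'corUserAccount', COUNT(*) FROM corUserAccount WHERE IdUser = @IdUser
UNION ALL
SELECT 'corUserAttribute', COUNT(*) FROM corUserAttribute WHERE IdOwner = @IdUser;
```

A non-zero count for corUserAccount or corUserAttribute means data linked to the employee, such as the predefined Address, City, ZIP code and ID number attributes, is still stored and has to be handled as well. Backups created earlier with DataBackup.exe are not changed by these statements.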

 


