Skip to main content
Planview Customer Success Center

General Data Protection Regulation (GDPR)

Introduction to GDPR

The European Community is adopting GDPR in May 2018. The purpose of this regulation is to be more transparent with individuals about their personal information and give them more control over how and when it's used.

The following are the primary tenets of this regulation and how our applications supports them:

GDPR Right Description Application Support
Right to be forgotten  Ensure that there is no information still in a system that could be used to personally identify a person who has opted out or is no longer a user of that system.

The application provides guidance for manually anonymizing personal information reflected in user interface elements.

In addition, the application provides a product feature that programmatically anonymizes not only UI artifacts that present personal information, but also artifacts at deeper levels of the application, such as history tables and logs. 

Right to opt in Do not collect data on a person until that person grants permission/that person opts in. The customer is responsible for obtaining the potential user's agreement before adding a resource to the application.
Right to receipt of data Respond to a former user's request for what information about them may still be in the system ("what info do you have on me?"). The customer is responsible for responding to this request and extracting any remaining information through reports or other means; there is no additional support from the application.

 

All Data Subject Access Requests (DSARs) must be submitted through the Planview DSAR portal located here.
 

Planview SaaS customers can find our Data Processing Agreements here.
 

Click an application name to view its GDPR processes:

Please sign in to see this content.

Please sign in to see this content

Please sign in to see this content.

What Information Needs to Conform?

In PPM Pro, personal information is generally stored in what is referred to as the "resource record" and the "user record". A user record is based on an existing resource record; user records have logins, resource records do not. Once a user record has been created, the resource record it is based on cannot be deleted from the system, even after the user record has been de-activated. Because we cannot delete certain entities or required fields, the approach PPM Pro has taken is to anonymize data where deletion is not possible. Where deletion is possible, the approach is to blank out the field values.

A resource/user record minimally contains the user's name and login - both of these fields are required. PPM Pro will provide a way to remove optional information, and anonymize required information, once the new GDPR feature is available and enabled. The resource name will be obfuscated with the text "Anonymized <resource ID>", and the user login will be obfuscated with "Anonymized <customer ID>.<resource ID>". For example, "Anonymized 123456789" and "Anonymized 9999999.123456789".

Note that the information contained in the resource record surfaces in other areas of the product; any obfuscation done to the resource record will propagate to certain other user-visible areas in the product accordingly. For example, entity owner fields (task owner, project owner, for example), and any lists that contain resource names. Remember that our solution will remove references to "who" performed an action, but the action itself will not be removed. For example, the project history table will still reflect a change of owner, but the owner name will be anonymized.

The following standard (out of the box) fields are addressed:

  • Resource Name - Resource - ID
  • Login (user)
  • Phone (work) - blank
  • Phone (mobile) - blank
  • Email - blank
  • Home Address - blank
  • UDFs on the resource record
  • Resource history (only handled by programmatic approach or Tier 3 request)

Out of Scope

The following elements are not addressed by the manual steps or the GDPR feature.

  • User-defined fields in areas other than the resource record
  • Attachments
  • Notes 
  • Status Comments
  • Skills Profile
  • No non-standard features (examples: Project dedicated to active directory, Portfolio concerned with resource turnover)

Customers are responsible for physically scanning elements such as notes, user-defined fields, lookup lists and attachments for personal information, regardless of whether they used the GDPR feature or manual solution. See Cleanup/Verification below.

How to Anonymize

Initially and until the GDPR feature is available and enabled for a customer, manual steps are provided for anonymizing a resource, combined with a Tier-3 request to address data in deeper levels of the product, such as history tables and logs. Following shortly will be the GDPR feature that will perform the manual steps plus the deep cleaning.

Both techniques will require physical cleanup afterwards to eyeball the out-of-scope elements listed above.

Termination Date Required

In order to anonymize a resource, the resource must have a termination date that is prior to the current date. After you anonymize any resource(s) by any method, you'll need to do cleanup/verification (see Cleanup/Verification).

  • Automatic Activation - If you have the GDPR feature enabled, any time you set a resource's termination date prior to the current date, you will be asked if you want to anonymize the resource.  
  • Ad Hoc Activation - If you have the GDPR feature enabled but set the termination date in the future (common practice as employees come and go), then once the termination date passes you will need to select the resource(s) and choose Actions > Anonymize Terminated Resource Data (described below)
  • Manual or No GDPR feature - Set the termination date for one or more resources to a date in the future. After that date passes, you will need to go to those resource records and manually obfuscate the data (see steps below).

Manual Steps

This technique is for use until the GDPR feature is available and enabled, and involves manually adjusting field values to wipe out personal date. This method requires a Tier - 3 request to address history tables and logs.

  1. Open Help menu > About PPM Pro and copy the customer number into a text editor.
  2. Navigate to the All Resources view.
  3. Double-click on the resource to open the Resource Info page.
  4. Locate the ID field (first field listed in main grid) and copy it into your clipboard.
  5. Choose Menu > Edit.
  6. Set the termination date, if not already entered.
  7. Replace the First Name and Last Name values with: "Anonymized <the resource ID from your clipboard>".
  8. Delete the Middle Name value, if using.
  9. Delete the values in the following fields:
    1. Phone (work)
    2. Phone (mobile)
    3. Email
    4. Skype ID
    5. Home Address
    6. Home City
    7. Home State, Zip
    8. Phone (home)
    9. Any user-defined fields that contain personal information
  10. Click Save.
  11. Choose Menu > Edit User Info.
  12. Replace the Login value with: Anonymized <customer ID>.<resource ID> (customer ID from your text editor, resource ID from your clipboard, or however you want to manage these numbers).
  13. Set the user to Inactive.
  14. Click Save.
  15. Enter a Tier 3 request: Anonymize terminated resource <Jane Doe>.
  16. The request will be completed without undue delay.
  17. Perform the cleanup described in Cleanup, below.

Any obfuscation done to the resource record will propagate to certain other user-visible areas in the product accordingly (project Owner, issue Assigned To resource, for example). Areas deep within the system, such as history tables and logs will be addressed by the Tier 3 request.

For example:

Do This Results

Edit resource and anonymize

resource_record.png

Anonymized resource record

anonymized_resource_record.png

 

Values propagate to other areas in the UI that reference the resource - this example shows a project Details section, where Project Manager (owner) field shows anonymized valued.

project_manager.png

Edit user record, anonymize login and deactivate

Anonymized, inactive user record

user.png

GDPR Feature - Automatic Activation (when available and enabled)

The GDPR feature is automatically kicked off when you enter and save a termination date prior to today's date. After confirming that you do want to anonymize the resource, it will perform the manual steps described above, as well as address the elements handled by the Tier 3 request that are required by the manual method for GDPR conformance. Note that you can bulk edit multiple resources, set the termination to a date prior to today, and this will kick off the automatic process as well.

  1. Once the GDPR feature is available, enter a support ticket requesting to enable the GDPR feature (if you have not already done so).
  2. Navigate to the All Resources view.
  3. Edit a resource and set the termination date to a date prior to the current date (or bulk edit multiple resources) and Save.
  4. The following dialog appears:

Screen Shot 2018-04-13 at 11.20.59 AM.png

  1. Click Anonymize to anonymize the selected resource's data. Click Do Not Anonymize to cancel.
  2. Perform the cleanup described in Cleanup/Verification, below.

Any obfuscation done to the resource record will propagate to certain other user-visible areas in the product accordingly, as well as to areas deep within the system, such as history tables and logs.

GDPR Feature - Ad Hoc Activation (when available and enabled)

For scenarios where you have set termination dates to future dates that have passed, you can kick-off the anonymization as needed.

  1. Once the GDPR feature is available, enter a support ticket requesting to enable the GDPR feature (if you have not already done so).
  2. Navigate to the All Resources view.
  3. Locate the resources you wish to anonymize (they will have termination dates prior to the current date, but that were set at an earlier date). 
  4. Select the resource(s) and choose Actions > Anonymize Terminated Resource Data.

  1. The following dialog appears:

anonymize_prompt.png

  1. Click Anonymize to anonymize the selected resource's data. Click Do Not Anonymize to cancel.
  2. Perform the cleanup described in Cleanup/Verification, below.

Projectplace is releasing features to support GDPR in the upcoming May 30th release. Check the Product Updates page to find the May release notes when they are available. The following functionality will be added:

Ability to Delete User from the Account Administration

An account administrator will be able to delete a user rather than simply deactivating or removing the user from the account. It is only possible to delete users that are part of the account. External users and internal user that are members of workspaces for more than one account cannot be deleted through the account administration tool.

Download User Information

Users will be able to download the information stored in their user account in a machine-readable format from the User Settings.

Link to Planview Portal for User Data Management

In the User Settings page, there will be a link to a portal where users can request updates and deletion of all user data held within the Projectplace service.

Planview LeanKit has taken measures to ensure compliance with GDPR guidelines. Our service deletes and/or obfuscates personally identifiable information associated with the user, according the GDPR guidelines for “Right to Erasure” or “Right to be Forgotten" outlined in Article 17. Users that are processed under the Right to be Forgotten guidelines will be deleted from the account included in the request. Data associated with a "forgotten" user cannot be retrieved or brought back. 

To make a request for a user to be forgotten, account owners can email support@leankit.com or create a new LeanKit Support ticket via https://support.leankit.com/hc/en-us/requests/new

Please include the following information in your support request:

  1. LeanKit account name, e.g. "account.leankit.com"
  2. LeanKit account user email address of the user to be forgotten
  3. LeanKit account user name of the user to be forgotten

Support will process the request within 30 days.