How can I automatically anonymize data?

In the Netherlands, we deal with the General Data Protection Regulation (GDPR). To comply with this law, it may be necessary to anonymize personal data of customers in i-Reserve. This falls under the ‘right to be forgotten’. Which data this concerns and how long the data is retained can be configured.

This functionality can be configured in the environment settings. Under 'System', you will find 'Anonymization settings'.

Activating anonymization

To anonymize the data, you first make a selection of the fields that need to be anonymized. To do this, click on the "Add field" button. A block with two options will now appear.

Please note that i-Reserve sets requirements for certain fields. For example, a customer's email address must have the format of an email address. If the new value does not meet this requirement, the field will simply be cleared during anonymization.

Repeat this process until all fields that need to be anonymized have been added.

To activate the functionality, select the value ‘active’ for the option ‘Anonymization active’ and the desired number of days until anonymization at "Number of days". Uncheck the "Inheritance" boxes for these options if you have adjusted the value and save the data. Tip: First set the fields to be anonymized and the settings to prevent unwanted behavior.

How long is the data retained?

The process for anonymization is carried out once a day, scheduled during the night. Determine in advance within the organization how long data will be kept in the database. The duration the data is retained can then be set in days via the ‘Number of days’ option.

The retention period is determined based on the most recent reservation for a customer, and more specifically the date on which the reservation takes place.

Example: customer A makes a reservation on July 10th. The reservation takes place on July 23rd at 10:00 AM. It was chosen to keep the data for 21 days. The data should then be deleted on August 13th at 10:00 AM. This then takes place in the night of August 13th to 14th.

Which data should be anonymized?

During anonymization, certain data is removed from the database, while the original records remain.

In the case of customers, for example, the first and last names are anonymized, but the customer record itself is retained. In this way, customer records are still preserved, but certain information about this customer can no longer be traced.

This functionality can be configured via the ‘Fields’ tab. Click on the ‘Add field’ button and then choose a field name that should be anonymized periodically.

It is possible to specify a replacement value for the data that was in the original field. For example, you can replace everything with an asterisk (*) or with ‘anonymous’. You specify this at the option ‘New value after anonymization’ and this can differ per field.

What is not anonymized?

Outside the scope of this functionality are documents (PDF, emails, and exports such as CSV and MS-Excel). It is possible that templates are used to generate emails containing personal data.

If templates and email sending are used, it is a point of attention to compose these correctly (without personal information) or to manually clean or delete them.

Outside the scope are fields filled in by the user as comments and notes. If texts such as “Mr. Janssen called for confirmation” are used here, nothing will be done with this data.

A full backup for a duration of 30 days is used for i-Reserve. This backup contains the data present at the time the backup was created. It is not possible to mutate a part of this backup. As a result, the complete deletion of personal data is only possible after the set retention period plus 30 days.