How can I automatically anonymize data?
In the Netherlands, personal data is governed by the Personal Data Protection Act (WBP) and the General Data Protection Regulation (GDPR). To comply with this legislation, it may be necessary to anonymize customers’ personal data in i-Reserve. This falls under ‘the right to be forgotten’. You can configure which data should be anonymised and how long it should be kept.
This functionality can be set in the configuration mode. To do this, click on your username (top right) and select ‘Configuration’ in the dropdown menu. Next, click ‘System - Anonymise settings’ in the menu.
To activate the functionality, choose the value ‘active’ under the option ‘Anonymization active’ and save the data. Tip: configure the functionality first, before activating it, to prevent unwanted behaviour.
How long will the data be kept?
The anonymization process is performed once a day, scheduled at night. You should determine first within your organisation how long data should be kept in the database. The time that the data should be retained can then be set in days using the ‘number of days’ option.
The retention period is determined on the basis of the most recent customer booking, more specifically the date on which the booking will occur.
Example: Customer A makes a booking on 10 July. The booking is for 23 July at 10.00 am. You have configured the system to store the data for 21 days. The data will then have to be removed on 13 August at 10.00 am. This will then take place on the night of 13 to 14 August.
Which data can be anonymized?
During the anonymisation process, some of the data is deleted from the database but the original records still exist.
In the case of customers, for example, the first name and surname are anonymized but the existence of the customer is retained. In this way customer records are still retained but certain information about the customer can no longer be traced.
This functionality can be set using the ‘Fields’ tab. Click on the button ‘Add field’ and then choose a field name that should be periodically anonymised.
It is possible to specify a replacement value for the data that was in the original field. For example, you can replace everything with an asterisk (*) or with ‘anonymous’. This can vary per field and is done by completing the option ‘The new value of a field after automisation’.
What cannot be anonymised?
Documents (PDF, e-mails) and exports (such as CSV and MS Excel) are outside the scope of this functionality. It is possible that templates are being used to generate e-mails containing personal data.
If you are using the templating or e-mail functionality in the application, take care to set these up correctly (without personal information) or to periodically clean or delete that data manually.
Also outside the scope of this functionality are fields that are filled in by the user as remarks or comments. If text is used such as “Mr Janssen called for the confirmation”, nothing will be done with this information.
i-Reserve retains full backups for a period of 30 days. A backup contains the data that is present at the moment it is created. It is not possible to modify part of a backup. As a result, complete removal of the personal data is only achieved after the set retention period plus 30 days.
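The Python function below is an added illustration, not i-Reserve code. It combines the retention rule (counted from the date of the most recent booking), the once-a-day nightly run and the 30-day backup window to estimate when a customer's data is anonymised and when it has also aged out of the backups. Assumptions: the job runs at 02:00 (the page only says "at night"), the backup window is counted from the anonymisation run, and the sample dates are constructed with the year 2024.

```python
from datetime import datetime, time, timedelta

BACKUP_RETENTION_DAYS = 30   # from the page: full backups are kept for 30 days
NIGHTLY_RUN = time(2, 0)     # assumption: the page only says "scheduled at night"


def erasure_timeline(booking_dates, retention_days, nightly_run=NIGHTLY_RUN):
    """Return (eligible_at, anonymised_at, gone_from_backups_by) for one customer.

    booking_dates holds the moments at which the bookings take place,
    not the moments at which they were made.
    """
    if not booking_dates:
        raise ValueError("no bookings to base the retention period on")
    # The retention period is counted from the most recent booking.
    eligible_at = max(booking_dates) + timedelta(days=retention_days)
    # The job runs once a day: take the first run at or after eligibility.
    anonymised_at = datetime.combine(eligible_at.date(), nightly_run)
    if anonymised_at < eligible_at:
        anonymised_at += timedelta(days=1)
    # Backups created before that run still contain the original values.
    gone_by = anonymised_at + timedelta(days=BACKUP_RETENTION_DAYS)
    return eligible_at, anonymised_at, gone_by


if __name__ == "__main__":
    # Constructed sample data: customer A is the example from this page,
    # customer B has a later second booking that moves the deadline.
    customers = {
        "A": [datetime(2024, 7, 23, 10, 0)],
        "B": [datetime(2024, 7, 23, 10, 0), datetime(2024, 8, 5, 15, 30)],
    }
    for name, bookings in customers.items():
        eligible, run, gone = erasure_timeline(bookings, retention_days=21)
        print(f"{name}: eligible {eligible}, anonymised {run}, "
              f"out of backups by {gone}")
```

For customer A this reproduces the example above (eligible on 13 August at 10.00 am, anonymised in the night of 13 to 14 August). A later booking by the same customer moves every date forward.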
This functionality is in line with the rules and regulations surrounding the AVG (the Dutch name for the GDPR).