GDPR establishes strict global privacy requirements, governing how personal data (or sensitive data) is collected, processed, accessed, stored, protected and managed in general; while ensuring that individuals can rely on data privacy as a fundamental right.
To reassure this, individuals have a series of rights which allow them to take legal action, if these should be infringed.
Among what is stipulated in these rights, it is considered that individuals are entitled to carry out the following, among others:
•Ask for clarifications on which personal data is being managed, and where it is stored or accessed from.
•Ask for clarifications about the purpose being given to personal data; and give explicit consent to authorize such purpose.
•Ask for clarifications about other relevant treatment to personal data, such as its given category, who is it disclosed to, and the period for which it is expected to be stored.
•Be informed about appropriate safeguards regarding management of personal data (e.g., such as those applying in the event of personal data transferring).
•Update personal data so that it is kept accurate and up-to-date.
•Obtain a copy of all personal data being managed (in a machine-readable format).
•Choose to opt out at any time, so that personal data is erased and no longer managed for that stated purpose.
•File a complaint with a supervisory authority in case of detecting non-compliance to these above rights.
In general, personal and sensitive data can include, but is not limited to, the following: Name, Identification number, Online identifiers, Email address, Location, IP address, Medical information, Racial or ethnic origin, Religious or philosophical beliefs, Health or sex life, or information in Cookies.
For the scope of this document, personal data or sensitive data that is collected, fundamentally depends on the design done by each customer when modeling their own processes.
By default, Bizagi does have shipped-in fields for personal data of end users such as: Email address, First name, Last name, Location (Country, State, City), Phone number or a photo. However, additional fields and general information regarding other individuals (e.g., a contractor's or vendor's contacts, users/customers or health care patients, etc) considered by those processes are to be explicitly identified, protected and managed by each customer.
Through the options presented in this document, some referring to features of Bizagi, you are enabled as a customer to cover the aspects of GDPR compliance within your built processes, so that as a Data Controller, you may address requests from your Data Subjects about making effective their individual GDPR rights.