European General Data Protection Regulation (GDPR)

Per the European General Data Protection Regulation (GDPR), Optiva users have the right to request an accounting of their personal data. When users leave a company, they can request that their personal information be erased from their employer's databases.

There are action sets provided in the Optiva database to assist administrators in completing these tasks:

  1. Finding all references to a user in the Optiva database.
  2. Anonymizing all references to the user.

Infor Optiva customer responsibility

Any time a data subject, as defined by GDPR, asks to be forgotten, the Infor customer (data controller) must fully understand any regulatory/governmental/legal requirements which govern their business. The Infor customer (data controller) must determine whether the:

  • Data subject request to be forgotten must be fulfilled either partially or completely.
  • Data controller has a legitimate business/legal/regulatory reason to deny the request.

The Infor customer (data controller) bears the responsibility of responding to the data subject’s request. Inform the data subject that the request has been fulfilled; or provide an explanation of why the request cannot be fulfilled.

What if the Infor customer (data controller) determines that some or all of the data subject’s data must be forgotten? Infor Optiva provides features that allow the data controller to anonymize the data subject’s information.

Caution: 
After the anonymize process has been completed for the data subject, there is not a process to return the data to its original state. This is a permanent change. ALL references to the original User ID are replaced in every record where it is stored as part of the base Optiva product functions.

This feature does not look for personal data in such fields as comments fields, extension fields, or other fields that are not specifically purposed by Optiva to store personal data. If Infor customers are using any of the aforementioned fields, it is the customer responsibility to correct those fields themselves.

What if the Infor customer (data controller) determines that only some of the data subject’s data must be forgotten? Information (such as email address, phone, etc.) can be deleted directly on the user record. This manual removal is performed by the Optiva system administrator.