6 things to remember to make Qlik Sense GDPR compliant
With increasing privacy/data protection regulations, in particular the EU General Data Protection Regulation (GDPR), we have been working on ensuring GDPR compliance in many areas, and spring 2018 was a really busy period of making sure all our clients are compliant. Many of these are ERP customers, but GDPR compliance is also very relevant for Qlik Sense customers. Most customers think the following is true: “Achieving compliance comes down to what data you have on your Qlik platform”
That’s just not right. It’s much more complex than that: for example, you need to make sure you have a policy for your log files. Internal log files contain user IDs, and these must be handled. Itelligence has a 6-step package that ensures compliance, and some of these steps are even valid for clients that use Qlik Sense without any customer data in the system!
Upsides and Solutions!
On the other hand, we are thankful that we don’t have to handle a system of Excel and flat files, where governance would be impossible!
Since this information is valid for any Qlik customer, and we really want to make sure that Qlik customers don’t get caught violating GDPR, we’re giving these valuable pointers to the community. In the current view of GDPR, having checked and documented the following 6 points should, however, be sufficient to be technically compliant:
- Logfile Governance
  - Deletion of Qlik log files and randomisation of user data in Monitoring Apps
  - Audit log adjustment to comply with reporting of access to sensitive data
- QVD & File Governance
  - Deletion of QVD files to secure against dead files with sensitive data that are disconnected from source updates
- Apps Governance
  - Removal of data from unused and old apps. Clear out apps that are not auto updated with data from GDPR compliant sources
- Data Export
  - Ensure that sensitive data does not end up in disconnected Excel sheets
- Directory Connector
  - Check that directory connectors remove users in compliance with GDPR (the right to be forgotten)
- Documentation that covers decision points and topics to ensure compliance, and why a decision was made. This document can be used as documentation in an auditing scenario
We are of course willing to solve the above on your behalf and ensure that you ask the right questions.
NTT DATA Business Solutions Principal Expert Jakob Hansen has, in cooperation with our GDPR department, developed our GuideBook, and we have the know-how to ensure a technically compliant baseline that is aligned with your internal policies.
Please fill out the form below, adding GDPR and Qlik to the inquiry text, and we will get back to you.