GDPR - Observation Checklist Data Deletion and Anonymization
When a user leaves a Legal Entity organizational unit (OU) and requests to be forgotten OR that user’s data is outside of the data retention period, observation checklists are impacted in the following ways:
- Assessee - If the user is an assessee, the user's observation checklist is deleted.
- Validator/Verifier - If the user is a validator or verifier, the user's core data such as First Name and Last Name are anonymized. That is, the validator or verifier's validations remain intact, but any references to the validator/verifier are anonymized.
- Validator/Verifier Electronic Signature - If the user is a validator or verifier, and they have provided an electronic signature for an observation checklist, then the electronic signature is anonymized.
- Administrator - If the user is an administrator, the user's core data such as First Name and Last Name are anonymized throughout Observation Checklist Administration.
When a data deletion request is made based on time, then the checklist completion date is used to determine when the data is deleted or anonymized. If the checklist is not yet complete, then the assignment date is used.
Considerations for Observation Checklists: