GDPR – Protection Classes for Data Security

Protection classes – controlling access to personal data

Personal data of employees has different levels of sensitivity for different roles within a company. For example, a birthday may be important for colleagues to plan a gift for a colleague, whereas bank account details are information intended solely for payroll accounting.

All this data can be stored in projectfacts to form a closed, interface-free information portal for employees. With version 5.18, the GDPR obligation to better protect personal data of varying sensitivity levels is fulfilled.

Through the “protection classes” with which information can be tagged, only holders of the relevant protection class can access sensitive data.

In the following we explain what needs to be done here

• First, in the configuration under user groups, the groups that should be able to create protection classes must be authorized to do so.
• You will then find the protection classes under “Configuration” – “General”.
• Here you can create these depending on how many hierarchies you have in the company with different access levels.
• The user groups are then assigned a protection class if necessary, and this grants access to the corresponding data that will be set up in the next step.
• You can find this view in the permissions of the user group under “Miscellaneous”.
• The access to personal data is then also defined in the “User & Rights” settings.
• This way you can ensure that only authorized persons gain access to the sensitive data.