ARIS - SHARE YOUR IDEAS
It is required by law (GDPR) that when a customer wants their data to be deleted from a system it should be possible to do so (deletion by design). Currently this is not possible in ARCM. We, as xxx, want this functionality to be implemented.
Due to numerous customer requests, a flag is needed for each attribute that individually determines the GDPR relevance. This would allow the customer to determine which attribute is GPPR relevant and which is not. With the help of a script, such attributes could then either be deleted or even anonymized. Anonymization would have the advantage that mandatory attributes would still be filled. A distinction between data types (string, date, boolean, ...) is of course necessary. In addition, these effects must also be available for versioned information in change lists / databases. Furthermore, this is of course not only necessary for ARCM, but also for the entire ARIS suite and process mining.
Within in our company: deletion by design is key. An IT system must have the capability to delete data after the retention period. For instance non relevant or old risk assessments may not live in the database for ever but must be deleted. We need a functionality were this done. Would be awesome when you can say delete this data after x year (retention period)
So far, we offer the possibility to anonymize user in ARCM (see help files chapter Anonymize ARIS Risk and Compliance users) instead of deleting them, as we see this is relevant for the purpose of audit logs etc.)
Dear customers, please vote on this idea if it is also relevant for your company, as we would like to know, if this is relevant for multiple companies. Thank you!