1 Introduction
This page is designed to provide information on the changes to Moveware to achieve compliance with GDPR, as Moveware interprets it.
Although we have spent time reviewing the intent and meaning of GDPR, the application of GDPR is highly fact-specific, and not all aspects and interpretations of GDPR are well-settled.
1.1 What is the GDPR?
GDPR stands for General Data Protection Regulation. The GDPR is the European Union’s new data protection law. It replaces the Data Protection Directive.
While the GDPR preserves many of the principles established in the Directive, it is a much more ambitious law. Among its most notable changes, the GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, or analyse personal data. The GDPR also gives national regulators new power to impose significant fines on organizations that breach the law.
Some of the key privacy and data protection requirements of the GDPR include:
Transparency, fairness, and lawfulness in the handling and use of personal data.
Limiting the processing of personal data to specified, explicit, and legitimate purposes.
Minimizing the collection and storage of personal data to that which is adequate and relevant for the intended purpose.
Ensuring the accuracy of personal data and enabling it to be erased or rectified.
Limiting the storage of personal data.
Ensuring security, integrity, and confidentiality of personal data.
For further information about the GDPR, you can visit the GDPR portal website.
1.2 Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
1.3 When is the GDPR coming into effect?
The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period. Unlike a Directive, it does not require any enabling legislation to be passed by government, meaning it will be enforced on 25 May 2018.
1.4 What does this mean for our customers?
We are eager to help our customers meet their GDPR compliance and to make this process as seamless as possible. As such, we have made some changes to our product and privacy policy to make us compliant with the GDPR. These changes are included in Moveware release 8.3. Support charges may be applicable when further assistance is required.
2 Our Product Changes
The main product changes in Moveware relate to the clearing of specified client data, the right for clients to access their data, and the ability to utilise an encrypted database.
3 Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include data that is no longer relevant to its original purpose, or information that the data subject is requesting be withdrawn.
3.1 Data Erasure
Clear private data button
In Moveware, we have implemented a clear private data button that allows users who have the correct security access to clear data from Removals, DSP, Invoicing, Debtors and Storage. It can also be set up to clear data from multiple linked records with just one button.
Note: Only users in certain security group(s) will be able to see this button and clear the private data.
The required group(s) are set in the System Parameter PrivateDataSecurity. By default, this is set to X, so only users with security group X will get access to this button. Any system can have this changed to whatever group or groups they want, but if they clear this field the button will disappear for all users. The system parameter can be a comma-separated list, so users with any one of the groups listed will have access to the button.
3.2 Setup for Clearing Private Data
The changes that have been implemented for clearing private data can be set up and adjusted for every Moveware system. Since the setup is directly linked to the database and its structure, only the Moveware support team can adjust it to suit the needs of each Moveware system. No development is required to make these changes; they can be configured directly in Moveware.
3.2.1 Adjustable Items
A) Fields
Each system can be customised in terms of the fields that have data cleared. Some systems use fields in Moveware for different purposes. For example, one company might have an internal process that stores specific client information in their Comments fields, and this will require clearing. Also, the laws in different parts of the world have different requirements: some require names to be cleared, while for others this is not mandatory but encouraged. Therefore, systems where the names of clients are to be kept but all other data cleared can be set up in this way.
B) Format of Cleared Data
By default, fields will be replaced with ‘XXXXXXXXXX’. However, every individual field can be set up to have its own format. For example, in the standard setup all email fields are replaced with XXXX@XXXX.XXXX. This is so any standard validation can be passed in the event the record is modified after the private data is cleared. Date fields are cleared, as the format for these fields must be a null date or a valid date. Systems can be set up to have these dates set to a specific date (e.g. 01/01/01) if clearing the date is not desirable.
C) Event Log
In the standard setup, clearing private data also clears the events that were created for changes to the fields being cleared. Additional events can be added to the clearing process if required.
D) Linked Records
When clearing data from Search tabs, Moveware can clear private data from linked records (e.g. for removals, the user can also clear Invoices, Storage Accounts, Debtor, DSP Addresses and DSP People). If systems do not want users to have the list of linked records available, or want to reduce the number of options, this can be configured.
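The PrivateDataSecurity rule from section 3.1 and the per-field clearing formats from items A and B above, sketched as an added example; this is not Moveware code. The function names, the rule table, the sample record and the email check are all assumptions constructed for illustration.

```python
import re

DEFAULT_MASK = "XXXXXXXXXX"      # default replacement named on this page
EMAIL_MASK = "XXXX@XXXX.XXXX"    # email replacement named on this page
# Constructed stand-in for the "standard validation" an email field must pass.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def may_clear(user_groups, private_data_security):
    """True if the user holds any one group in the comma-separated parameter.
    An empty parameter hides the button from every user."""
    allowed = {g.strip() for g in private_data_security.split(",") if g.strip()}
    return bool(allowed.intersection(user_groups))


def clear_record(record, rules):
    """Return a cleared copy of record. Fields absent from rules are kept,
    which is how a 'keep the client name' system would be configured."""
    cleared = dict(record)
    for field, rule in rules.items():
        if field not in cleared:
            continue
        if rule == "email":
            cleared[field] = EMAIL_MASK        # still passes email validation
        elif rule == "date":
            cleared[field] = None              # null date
        elif isinstance(rule, tuple) and rule[0] == "date":
            cleared[field] = rule[1]           # fixed valid date instead of null
        else:
            cleared[field] = DEFAULT_MASK
    return cleared


def emails_valid(record, email_fields):
    """Check that populated email fields still satisfy the validation rule."""
    return all(EMAIL_RE.match(record[f]) for f in email_fields if record.get(f))


# Constructed sample data: a system that keeps names but clears everything else.
RULES = {
    "email": "email",
    "phone": "text",
    "comments": "text",
    "date_of_birth": "date",
    "move_date": ("date", "01/01/01"),
}
SAMPLE = {
    "name": "Jane Example",
    "email": "jane@example.com",
    "phone": "+00 000 000 000",
    "comments": "Passport copy received",
    "date_of_birth": "14/02/80",
    "move_date": "03/06/17",
}
```

The email mask matters because the default mask has no @ or domain part, so a record cleared with it could not be saved again by any screen that validates the email field.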
3.3 Moveware Modules Affected
3.3.1 Removals Management
A) Search Tab
The clear private data button has been added to the Search tab of Removals Management.
When using the clear private data button from this screen, users will be able to clear the private data of the currently selected removal. When they click the button, the users will be prompted to clear not only the data from the removal, but also the data from linked records. For non-DSP job types the list will display as follows:
The list displayed is multiple select by click and drag or by holding Ctrl and using the mouse button to select. Users can select none, one, two or all three. The removal details are always cleared regardless of what is selected.
For DSP job types the list will display as follows:
Again, users can select none or any number of options to clear.
B) Details Tab
On the Removals Management > Details tab, we have also added the clear private data button. However, when run through this tab the user will only be able to clear the details for the removal and they will not be prompted to clear the linked records. The idea is that when running the clear from a Search screen the user can clear multiple records, while on a non-Search tab the user can clear just the data that is displayed. The prompt the users receive is slightly different:
C) DSP Tab
On the DSP tab, the clear private data button has been added into the Details section. As with the Removals Management Details tab, this will only clear the details of the selected contact record. Also, this will only appear for the Addresses and People, as they are the only ones set up for this type of data clearing. The same prompt appears as from the Removals Management > Details tab shown above.
D) Invoicing Tab
On the Invoicing tab, the clear private data button has been added into the Bill To address section. As with the Removals Management Details tab, this will only clear the details of the selected invoice record. The same prompt appears as from the Removals Management > Details tab shown above. The button is available whenever the Invoice header is displayed in Moveware. This includes through lookups and Debtor Invoicing.
Note: when the invoice is displayed, the function of the button is the same and will only clear details from the current invoice.
E) Storage Tab
On the Storage tab the clear private data button has been added next to the print button to the right of the Storage ID field. Like with the Removals Management Details tab this will only clear the details of the selected storage record (it will not clear the data from the linked debtor). The same prompt appears as from the Removals Management > Details tab shown above.
F) Deletion of Private Documents
Private documents which contain personal information, for example passport copies, should also be removed from the system. Moveware has provided the ability to automatically delete specific directory(ies)/folder(s) from the removals folder setup, and thus remove all documents stored within the folder.
The setup for a private data directory can be done through Codes Management. Filter the list by type = ‘Directory’. Add a new code, giving it a code value and description. In the Extra field add the word ‘Private’ (highlighted below). This will identify the directory as the directory holding the private data. Multiple directories can be set up as private data directories. This directory will be automatically created for the removals (just as the other codes of type Directory). When the Clear Private Data button is selected from the Removals Management > Search or Details tabs, and the private data is cleared, this private directory will have its contents deleted.
The deleting of the contents of the private data directory requires users to have placed documents into the correct directory. As this may not always have been the case, Moveware encourages users to check other directories for the removal. If documents are found in those directories users will need to manually delete the documents.
3.3.2 Debtor Management
The new clear private data button has been added to the Search tab of Debtor Management. When using the button from this screen, users will be able to clear the private data of the currently selected debtor. When they click the button, the users will be prompted to clear not only the data from the debtor, but also the data from linked records.
The list displayed is multiple select by click and drag or by holding Ctrl and using the mouse button to select. Users can select none, one, two or all three. The debtor details are always cleared regardless of what is selected.
B) Details Tab
On the Debtor Management > Details tab, we have also added the clear private data button. However, when run through this tab the user will only be able to clear the details for the debtor and they will not be prompted to clear the linked records. The idea is that when running the clear from a Search screen the user can clear multiple records, while on non-Search tabs the user can clear just the data that is displayed. The prompt the users receive is slightly different:
C) Edit Debtor Contact
The clear private data button is also available when editing Debtor Contacts. When the button is clicked, only the details of the current contact will be cleared. The prompt that appears is the same as the prompt from the Debtor Management > Details tab.
3.3.3 Storage Management
A) Search Tab
The clear private data button has been added to the Search tab of Storage Management. When using the button from this screen, users will be able to clear the private data of the currently selected storage account. When they click the button, the users will be prompted to clear not only the data from the storage account, but also the data from linked records.
The list displayed is multiple select by click and drag or by holding Ctrl and using the mouse button to select. Users can select none, one, two or all three. The storage details are always cleared regardless of what is selected.
B) Details Tab
On the Storage Management > Details tab, we have also added the clear private data button. However, when run through this tab the user will only be able to clear the details for the storage account and they will not be prompted to clear the linked records. The idea is that when running the clear from a Search screen the user can clear multiple records, while on non-Search tabs the user can clear just the data that is displayed. The prompt the users receive is slightly different:
3.3.4 Deleting Historical Data
A) Removals
Moveware has also implemented a feature to allow historical private data to be cleared. For Removal/Job related data this function is available through the Modify Removals screen (usually located under Administration > System Setup > Modify Removals). Within this screen, users can set filters to find the records in step 1. Select. Then, in step 2. Choose Selected Actions, they can select the Clear Private Data toggle. Finally, in step 3. Modify Selected Removals, they can click the Modify button. When clearing historical private data, the same process is followed as when clearing the data from within Moveware. Users will be prompted to select linked records to clear, and the private data will be cleared for all the removals found for the selected criteria.
B) General Ledger Transactions
From General Ledger > Journals, users can filter the list of transactions and then click the clear private data button. The user will be prompted to confirm they want to clear the private details for ALL the transactions displayed.
This is different to other areas of Moveware, where only the currently selected record is cleared. Users need to be aware that it applies to all the transactions displayed. There are only 3 fields where the data is cleared. In the case of transactions where the customer or creditor is linked (although these details do not need to be cleared), the name will be cleared and replaced with the code of the entity. Also, for storage invoices the period of the storage is maintained, but the name of the storage account is removed from the transactions.
3.3.5 Employee Management
The clear private data button has been added to the Search tab of Employee Management. When using the button from this screen, users will be able to clear the private data of the currently selected employee. When they click the button, the users will be prompted to clear not only the data from the employee, but also the data from linked employee bank records.
The list displayed is multiple select by click and drag or by holding Ctrl and using the mouse button to select. The employee details are always cleared regardless of what is selected.
B) Details Tab
On the Employee Management > Details tab, we have also added the clear private data button. However, when run through this tab the user will only be able to clear the details for the employee and they will not be prompted to clear the linked records. The idea is that when running the clear from a Search screen the user can clear multiple records, while on non-Search tabs the user can clear just the data that is displayed. The prompt the users receive is slightly different:
C) Bank Accounts Tab
On the Employee Management > Bank Accounts tab, we have also added the clear private data button. However, when run through this tab the user will only be able to clear the details for the selected employee bank and they will not be prompted to clear the linked records. The idea is that when running the clear from a Search screen the user can clear multiple records, while on non-Search tabs the user can clear just the data that is displayed. The prompt the users receive is slightly different:
4 Right to Access
Part of the expanded rights of data subjects outlined by the GDPR (article 15) is the right for data subjects to obtain from the data controller or processor, confirmation as to whether personal data concerning them is being processed, where it is being processed and for what purpose.
4.1 Authorisation to Store Personal Data
As part of the data storage requirements, systems need the ability to record whether the user has given authorisation to hold their private data. Moveware suggests the best method of recording this is through the Diary. This allows systems to store the date and time the authorisation was given, the Moveware user to whom it was given, how it was given (over the phone, email, in person, etc.) and any additional notes as required. In the case of an email authorisation, the contents of the email can be included in the diary action.
Users who have security access to set up diary actions can add a diary action on their system to be used for this purpose. For systems running the details browser on the Removals Management > Details tab, this diary action can be set up to display. The date the authorisation was given can be displayed or, if it is only required to know whether the authorisation action exists with a date set, Yes or No can be displayed.
To set this up please contact Moveware Support.
4.2 Report of Personal Data Stored in Moveware
As an addition to our standard report library, we have created a new report “Private Data” which provides the ability to view the personal information we have used and stored in our system.
This information can then be provided to the external user requesting it in an electronic format. The Moveware user will follow their privacy and security process regarding distribution of personal information.
The Private Data report can be located in the Reports menu, under the Other tab.
5 Privacy by Design
Under articles 25 and 35, ‘Privacy by design’ means that data protection is included from the outset of the designing of systems, rather than as an addition. In practice, ‘Privacy by design’ means that we will take privacy into account during the whole life cycle of the system or process development.
6 Data Encryption
While not a mandatory requirement of GDPR, Moveware can include encryption on your database to provide another layer of security. Database encryption can be added to the database using Transparent Data Encryption (TDE), which will be available at an extra cost.
What is Transparent Data Encryption (TDE)?
TDE uses standard encryption libraries and encryption key management to provide secure, encrypted data. It requires no changes to your application, user procedures, administration or management processes. Data encryption provides protection on disk, in backups and binary dump files, and supports several encryption ciphers (AES, DES, DES-3 and RC4), so you can balance your security vs. performance needs.
How will Transparent Data Encryption (TDE) be applied:
Moveware will install TDE encryption to encrypt relevant tables within our database that store personal data. Once encryption has been set up, any additional new data entered in the database will be automatically encrypted.
Once encryption has been applied to the database, the resource overhead (CPU usage) depends on the type of encryption applied: the more encryption applied, the more overhead is needed. Unfortunately, we are unable to confirm how much it will affect performance until it is actually implemented. Progress has advised that the performance degradation is minimal, less than 2% during encryption/decryption.
TDE encryption can only be installed on customers running Moveware 8.0 and above.
7 Changes to our Privacy Policy
Our Privacy Policy has recently been amended to reflect any changes and updates required by law or by any enhancements of our procedures and controls.
See Moveware Privacy to view our current Privacy Policy.