Data anonymisation is a process that helps you comply with your UK GDPR requirements by allowing a users personal data to be deleted.
The Data Protection Officer can create a request for anonymising a users data. This is queued and processed overnight on the day of request. Requests are processed overnight due to the high load and potential impact on standard operation.
Due to the risk of data deletion with this feature only the Data Protection Officer will be able to access this functionality, there is no permission for assigning access. The Data Protection Officer is specified in the Data Protection Officer setting.
What’s the Goal of This Process#
The main goals of this process are to enable you to meet your UK GDPR requirements while retaining as much information as possible to allow you to make assessments and statistical analysis of historical data.
To that end personal data is deleted and other data is retained where it could be useful.
What Data is Deleted#
The following data is deleted:
The users postal address.
The user’s response to all consent statements.
The user’s file consent items.
Date of Birth
The users email address is removed from all emails sent.
English Proficiency Details
In Care Information
Care Authority Details
Information Update Requests
Notifications Assigned to the User only are Deleted.
Users removed as recipients from all Notifications.
Third Party ID
If third party integration is enabled, the users third party ID is deleted.
Pupil Premium Information
Pupil Premium Details
Your schools identifier for the user.
One Time User Links
Secret Question Details
Sixth Form Admissions
Application Talk To Us Messages (Only removed if the user is the applicant of the application).
Application Files/Documents (Only removed if the user is the applicant of the application).
The users mobile number is removed from all SMS Messages sent.
The users title (Mr, Mrs etc).
User Group Memberships
The username for logging in.
What Data is Retained#
All data not explicitly listed above is retained. The below fields are retained and should be of particular interest to know:
The users gender.
The users postal addresses postcode.
At first glance you might question if these fields contain personal data but once the other data is removed an individual can no longer be identified using this data and as such does not constitute personal data any longer.
Creating a New Request#
To create a new request the Data Protection Officer can select the Create option from the Data Anonymisation section of the side menu.
You should then select the user that you’d like to anonymise.
For additional security you must then confirm your understanding that once you submit this form the data will be deleted and there will be no way to recover the data. Once confirmed click the anonymise user button to submit the request.