Blocking Access to Personal Data
This document describes the processes Lanetix has defined to enable our customer to block access to a data subject’s personal data.
Lanetix processes data our customers enter into our products or instruct us to process on their behalf. Lanetix’s customers decide what to enter. Lanetix generally has no knowledge about what is being stored. However, our understanding is that typically the information includes business-related information about our customers’ customers (e.g. names, business addresses, work phone numbers, work email addresses etc.), prospects and/or sales leads.
Block Access Temporarily
Our customers are able to block access to an individual’s personal data temporarily by setting any records that have an individual’s personal data to an “inactive” status.
Block Access Permanently
Our customers are able to block access to an individual’s personal data permanently by overwriting the record data to clear the blocked content (e.g. replacing the personal data with “unknown” or “blocked”) and setting the record to an “inactive” status.
If a customer’s data blocking obligations cannot be met using this approach, our customer must engage Lanetix Support or Professional Services to more permanently block access to an individual’s personal data.
Pseudonymise or Anonymise
Lanetix may be able to support a requirement that our customer may have to pseudonymise or anonymise personal data.
Pseudonymisation means replacing ‘obviously’ personal details with another unique identifier, typically generated through some kind of hashing, encryption or tokenisation function.
Our customers may engage Lanetix Support or Professional Services to create a Lanetix Extension, which may be able to perform some kind of hashing, encryption or tokenisation function.
Data, once truly anonymised, is no longer subject to European data protection law. This means that EU rules governing how long that data can be kept for, whether it can be exported internationally and so on, do not apply. Using anonymisation, the resulting data should not be capable of singling any specific individual out, of being linked to other data about an individual, nor of being used to deduce an individual's identity.
Our customers may engage Lanetix Support or Professional Services to create a Lanetix Datamart, which our customers may be able to use to anonymise data that is sourced from Lanetix to support a requirement that our customer may have to anonymise personal data.