GDPR, Anonymization of Customer Data

In accordance with the directives for GDPRClosed The General Data Protection Regulation is a regulation in EU law on data protection and privacy in European Union and European Economic Area., individual customers' data privacy has to be protected. Data Governance is the process that classifies sensitive data and anonymizes it on request for data protection regulations.

NOTE  
Based on our experience, FintechOS selected which information to anonymize. The financial institution can validate or add/remove attributes from the anonymization process within Innovation Studio.

There are two scenarios when the data can be anonymized:

  1. Automatically

    After 5 years (not counting the year of closure) the contractual relationship between a customer and a bank has ended. Certain data is automatically anonymized by the system: the scheduled job named FTOS_IB_CreateAnonymizationRequests runs a server-side script.

  2. Manually

    Upon user request, the bank can manually select a customer for which the data to be anonymized.

The types of information that are anonymized are username and password and:

Session information and activity within the Online and Mobile Banking solution:

session information
IP
login time
logout time
used functionalities during the session
 

Personal data about their identity and contact information:

FTOS_IB_UsersEnrollmentFTOS_IB_Users
Name
System User ID
User Name
Name
Middle Name
Last Name
Personal ID Number
Customer ID CoreBanking
Document No.
Email Address
Mobile phone number
FTOS_IB_UsersName
Full Name
Name
Middle Name
Last Name
Personal ID Number
Customer ID CoreBanking
Document No.
System User ID
Unique Identifier IB
Email Address
Mobile phone number
FTOS_IB_UserXCustomerName
System User ID
ClientID
Accounts

SecurityLimitAmount

 

Products, services and transactions including communication between the customer and bank.

FTOS_IB_Mailbox_IN_MessagesCustomer
IB user ID
FTOS_IB_Mailbox_OUT_MessagesAttachments
Customer
IB user ID
FTOS_IB_PaymentpayerFirstName
payerMiddleName
payerLastName
payerAccount
Payer Address
Payer Postcode
beneficiaryName
beneficiaryIBANAccount
paymentReason
name
transactionId
ultimatePayer
ultimatePayerID
ultimateBeneficiary
purposeOfPayment
FTOS_IB_PaymentExtfirstAuthorizerUserID 
secondAuthorizerUserID 
thirdAuthorizerUserID 
fourthAuthorizerUserID 
FTOS_IB_FCYPaymentExtFTOS_IB_FCYPaymentId
accountNumber
beneficiaryAddress
beneficiaryPostCode
paymentattachments
FTOS_IB_BGBudgetPaymentExtobligatedPartyPayer 
companyIdObligatedParty 
personIdObligatedParty 
personIdObligatedPartyForeigner 
documentNo 
documentDate 
FTOS_IB_UtilityPaymentContractFTOS_IB_UtilityPaymentContractid
Name
ibUser
customerId
FTOS_IB_UtilityPaymentServiceName
utilityPaymentServiceParentId
FTOS_IB_UtilityPaymentTransactionName
utilityPaymentContractid
userXTransactionTypeid
Transaction_ID
paymentDetails
FTOS_IB_TemplatesFTOS_IB_TemplatesId
templateFriendlyName
schemaType
currency
visibleAllUsers
payerAccount
beneficiaryName
beneficiaryIBANAccount
paymentAmount
paymentCurrency
paymentReason
paymentType
name
paymentCategory
beneficiaryAddress
detailsOfCharges
settlementDate
obligatedPartyPayer 
companyIdObligatedParty 
personIdObligatedParty 
personIdObligatedPartyForeigner 
budgetTypePayer 
budgetTypeCode 
budgetTypeDescription 
docTypeName - Document Type
docTypeName - Document No
documentDate 
FTOS_IB_BulkFilesFTOS_IB_BulkFilesId
bulkFileName
FTOS_IB_UserXBankAccountAlias
FTOS_IB_BankAccountIBAN
availableBalance
Reason for the blocked amount
blockedAmount

Currency

Balance
Loan number
 

The anonymization is done based on a rule. Both requests manually and automatically, anonymize the data in the entity FTOS_IB_UserXCustomer that have the status Inactive. Manually, the bank representative searches for the user or customer or automatically, the system anonymizes all the records which meet the rule.

IMPORTANT!  
All the records in FTOS_IB_UserXCustomer, which will be anonymized, must be in the Inactive state first before anonymization.