Data Classification System

The GDPR Data Management app uses a hierarchical classification system to organize and document personal data across your Business Central environment.

Classification Hierarchy

Three-Level Structure

General
├── Department 1
│   ├── Functional Area 1.1
│   └── Functional Area 1.2
├── Department 2
│   ├── Functional Area 2.1
│   └── Functional Area 2.2
└── Department N
    ├── Functional Area N.1
    └── Functional Area N.2

Level Definitions

Level 0: General

  • Purpose: Root level categorization
  • Scope: Organization-wide classification
  • Default: "General" category created during initialization
  • Use Case: Top-level grouping for enterprise-wide data policies

Level 1: Department

  • Purpose: Organizational division classification
  • Scope: Department or business unit level
  • Examples:
    • Sales Department
    • Human Resources
    • Finance & Accounting
    • Customer Service
  • Use Case: Align data classification with organizational structure

Level 2: Functional Area

  • Purpose: Specific business process classification
  • Scope: Granular business function level
  • Examples:
    • Customer Management (Sales)
    • Employee Records (HR)
    • Invoice Processing (Finance)
    • Support Tickets (Customer Service)
  • Use Case: Fine-grained data processing activity mapping

Documentation Elements

Element Types

The system supports three element types corresponding to the hierarchy levels:

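enum "DD GDPR Element Type"
{
    // Ordinal values are not the hierarchy levels:
    // General is Level 0, Department is Level 1, Functional Area is Level 2.
    value(0; "Department") { }
    value(1; "Functional Area") { }
    value(2; "General") { }
}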

Element Properties

Entry Management

  • Entry No.: Unique identifier for each element
  • Parent Entry No.: Links child elements to parents
  • Level: Hierarchical level (0=General, 1=Department, 2=Functional Area)

Classification Data

  • Type: Element type (Department, Functional Area, General)
  • Description: Human-readable name and description
  • Table Information: Associated BC table metadata
  • Field Information: Specific field classifications

Classification Process

Automatic Initialization

  1. System Scan: App scans all tables with personal data permissions
  2. Element Creation: Creates documentation elements for each table/field
  3. Hierarchy Building: Organizes elements into the hierarchical structure
  4. Default Assignment: Assigns elements to "General" category initially

Manual Classification

  1. Review Elements: Users review auto-generated elements
  2. Assign Categories: Move elements to appropriate departments/functional areas
  3. Create Custom Categories: Add organization-specific departments and areas
  4. Validate Structure: Ensure logical hierarchy and completeness
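The "Validate Structure" step can be checked mechanically once the elements are exported. The following is an added example, not code from the app: the record layout, the field names and the single-root rule are assumptions modeled on the Element Properties and the hierarchy diagram above, and the sample records are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Hierarchy level for each "DD GDPR Element Type" ordinal. The ordinals are
# NOT the level numbers: 0=Department (level 1), 1=Functional Area (level 2),
# 2=General (level 0).
LEVEL_OF_TYPE = {0: 1, 1: 2, 2: 0}

@dataclass(frozen=True)
class Element:                       # assumed export layout, not the app's table
    entry_no: int
    parent_entry_no: Optional[int]   # None for the root
    level: int
    type_ordinal: int
    description: str

def validate(elements):
    """Return sorted (entry_no, problem) findings; an empty list means valid."""
    by_no, findings = {}, []
    for e in elements:
        if e.entry_no in by_no:
            findings.append((e.entry_no, "duplicate Entry No."))
        by_no[e.entry_no] = e
    for e in by_no.values():
        if LEVEL_OF_TYPE.get(e.type_ordinal) != e.level:
            findings.append((e.entry_no, "type does not match level"))
        if e.level == 0:
            if e.parent_entry_no is not None:
                findings.append((e.entry_no, "root must not have a parent"))
            continue
        parent = by_no.get(e.parent_entry_no)
        if parent is None:
            findings.append((e.entry_no, "parent missing"))
        elif parent.level != e.level - 1:
            findings.append((e.entry_no, "parent is not one level up"))
    if sum(e.level == 0 for e in by_no.values()) != 1:
        findings.append((0, "expected exactly one General root"))  # assumption
    return sorted(findings)

# Constructed sample records (not real data).
SAMPLE = [
    Element(1, None, 0, 2, "General"),
    Element(2, 1, 1, 0, "Sales Department"),
    Element(3, 2, 2, 1, "Customer Management"),
    Element(4, 1, 1, 0, "Human Resources"),
    Element(5, 1, 2, 1, "Employee Records"),      # attached to the root
    Element(6, 9, 2, 1, "Invoice Processing"),    # parent 9 does not exist
    Element(7, 1, 1, 1, "Finance & Accounting"),  # ordinal used as level
]

if __name__ == "__main__":
    for entry_no, problem in validate(SAMPLE):
        print(f"Entry {entry_no}: {problem}")
```

Entry 7 shows the easiest mistake to make with this model: writing the level number into the type field, which silently turns a department into a functional area.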

Data Category Management

Category Definition

Categories provide additional metadata for classification:

  • Category Code: Unique identifier
  • Description: Category purpose and scope
  • Data Controller: Responsible party for this data category
  • Retention Period: How long data should be retained
  • Legal Basis: GDPR legal basis for processing

Category Assignment

Elements can be assigned to categories for:

  • Processing Purpose: Why the data is collected
  • Data Subject Type: Customer, Employee, Vendor, etc.
  • Sensitivity Level: Public, Internal, Confidential, Restricted
  • Geographic Scope: EU, Global, Country-specific

Integration with Business Central

Permission Set Integration

  • Automatic Discovery: Uses BC permission sets to identify personal data tables
  • Field-Level Mapping: Maps individual fields to classification elements
  • Security Alignment: Ensures classification aligns with security permissions

Table Metadata Usage

  • Table Captions: Uses BC table captions for element descriptions
  • Field Captions: Leverages BC field captions for detailed classification
  • Relationship Mapping: Understands table relationships for connected data

Best Practices

Classification Strategy

  1. Start Broad: Begin with department-level classification
  2. Refine Gradually: Add functional areas as understanding improves
  3. Involve Stakeholders: Include business users in classification decisions
  4. Regular Review: Periodically review and update classifications

Organizational Alignment

  • Map to Business Structure: Align departments with actual organization
  • Consider Data Flow: Functional areas should reflect actual data processing
  • Document Decisions: Maintain rationale for classification choices
  • Train Users: Ensure staff understand the classification system

Maintenance

  • Version Control: Track changes to classification structure
  • Impact Assessment: Evaluate changes before implementation
  • Backup Classifications: Maintain backup of classification data
  • Regular Audits: Periodically audit classification accuracy