Use case in Certificate Manager: GDPR considerations for CM
This article describes some GDPR considerations regarding Smart ID Certificate Manager (CM).
From 25 May 2018 onwards, the GDPR (EU General Data Protection Regulation) is enforced with the aim of harmonizing data privacy laws across Europe, protecting and empowering all EU citizens' data privacy, and reshaping the way organizations across the region approach data privacy. An important part of the Data Subject Rights enforced by GDPR is the "Right to be forgotten", also known as the "Data Erasure Right". As defined in GDPR, "the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data".
Certificate Authority (CA) organizations implementing supporting functions to comply with GDPR should assess other requirements that may take precedence from a legal point of view. Therefore, this article does not provide a guideline for how Smart ID Certificate Manager (CM) must be operated by the CA organization to meet GDPR. The organization should review its specific policies, auditor requirements, traceability needs, etc., and weigh these against GDPR to assess which features the organization can offer with regard to GDPR. For example, it may be that certificates connected to a user whose data has been removed from the system can only be deleted after the certificates have expired.
Also observe that the GDPR acknowledges that data protection rights are not absolute and must be balanced proportionately with other rights – including the “freedom to conduct a business”. For more information on the ability of EU member states to introduce exemptions, see the section on derogation and special conditions.
CM provides the following features to help the organization fulfill GDPR:
Subject removal - Removes subject data related to issued certificates from CM so that the subject can no longer be found in searches.
Certificate removal - Completely removes previously issued certificates and related information from CM.
Controlled logging of personal information - Disables logging of personal information.
Remove subject data
Subject data from an issued certificate may contain personal information. If requested, all subject data extracted from selected certificates can be removed from CM, so that those certificates do not show up when searching for parts of the subject data.
This function can be accomplished either in the Certificate Controller (CC) client or by using the CM Software Development Kit (SDK).
Details on how to remove a subject in CC are described in the RO guide in section "Remove identifiable information".
A detailed description of the CM SDK can be found in the Javadoc documentation available in the SDK directory in a CM client installation <install_root>/sdk/cm sdk/doc.
Sample code on how to remove subject data from a certificate can be found under the samples directory in RemovalRequestExample.
Remove certificates
An issued certificate and any related personal information audited in CM will be completely removed.
This function can only be accomplished by using the CM SDK.
Sample code on how to remove a certificate can be found under the samples directory in RemovalRequestExample.
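As an added illustration, not code from the CM SDK (whose actual API is documented in the Javadoc referenced above), the following Python model shows the difference between the two removal functions described in these sections: subject removal scrubs the searchable subject data but keeps the certificate record, while certificate removal deletes the record entirely and, in this model, is gated on the certificate having expired, the kind of policy choice discussed earlier in this article. The store layout, the CertRecord fields and the require_expired gate are assumptions of this model.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class CertRecord:
    serial: str
    not_after: datetime
    subject: Optional[dict]  # DN attributes captured at issuance; None once scrubbed


class CertStore:
    """Toy model of a CA database with a search index over subject data (not the CM SDK)."""

    def __init__(self):
        self.certs = {}  # serial -> CertRecord
        self.index = {}  # lower-cased subject value -> set of serials

    def issue(self, serial: str, subject: dict, not_after: str) -> CertRecord:
        rec = CertRecord(serial, datetime.fromisoformat(not_after), dict(subject))
        self.certs[serial] = rec
        for value in subject.values():
            self.index.setdefault(value.lower(), set()).add(serial)
        return rec

    def search(self, fragment: str) -> list:
        frag = fragment.lower()  # case-insensitive substring match over indexed subject values
        return sorted({s for v, serials in self.index.items() if frag in v for s in serials})

    def remove_subject_data(self, serial: str) -> CertRecord:
        """Subject removal: scrub DN data and its index entries; the certificate record
        (serial, validity) is kept so the issuance itself stays traceable."""
        rec = self.certs[serial]
        for value in (rec.subject or {}).values():
            bucket = self.index.get(value.lower(), set())
            bucket.discard(serial)
            if not bucket:
                self.index.pop(value.lower(), None)
        rec.subject = None
        return rec

    def remove_certificate(self, serial: str, now: str, require_expired: bool = True) -> None:
        """Certificate removal: delete the whole record. With require_expired, refuse while
        the certificate is still valid, the kind of policy gate the article mentions."""
        rec = self.certs[serial]
        if require_expired and rec.not_after > datetime.fromisoformat(now):
            raise PermissionError(f"certificate {serial} is valid until {rec.not_after:%Y-%m-%d}")
        self.remove_subject_data(serial)
        del self.certs[serial]
```

After remove_subject_data, a search for any part of the scrubbed subject no longer returns the certificate, yet the record is still present under its serial; remove_certificate drops it entirely.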
Controlled logging of personal information
In standard operation, CM might log information that can contain sensitive personal data. To prevent this, and to control what information is logged, see Log personal data in Certificate Manager.