Skip to main content

Customised Reports fields

Lorna Murray

The fields available in the custom reports could breach GDPR as they aren't able to be restricted in any way. 

For example, if someone has access to Customised reports, they can add in fields to collect everyone they can see's bank account details even if this has been restricted for them in the core system,

Is it possible for admins to make customised report fields hidden, or for the system to not show details on the reports that are hidden in the core system. (similar to how if you aren't able to see Salary in the main system this will not be visible on the customised report even if you tick it)

0 votes

Linked Ideas

Comments

William Bainbridge

Good Afternoon Lorna,

I hope you're well. 

After some testing in our training portal, I have found customised reports do not breach GDPR. 

If the employee - who's running/creating the customised report - doesn't have access to the area in the system that whatever field they tick relates to, this data will not show in the report.

I made sure a test employee didn't have access to see annual salaries, then logged in as them and ran a customised report.
As you can see from below, the salary related data is starred out:



I hope this helps to clear any confusions.

Kind regards,
Will

Lorna Murray

Hiya,

 

If they aren’t able to see bank account details in the system, they can still view them by selecting it on customised reports,

 

I gave salaried information as the field example of what we would like it to show when bank account details are selected. (we want it to hide sort code and account number in the same way)

 

I was not saying that showing the salary was a breach of GDPR, but Bank account and sort code could be,

Please sign in to leave a comment.