Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Entities – PII Reports & GDPR Compliance Tools

            Modified on Wed, 10 Jun at 8:05 PM

            This article explains how to use the PII (Personally Identifiable Information) report and mass-update tools in DiliTrust Entities to help your organization comply with data protection regulations, including the GDPR.

            ✅ Introduction

            Organizations that manage legal entities often accumulate personal data on individuals — such as mandate holders, shareholders, proxy representatives, or legal representatives — over many years. Over time, some of these individuals may no longer have any active relationship with your companies, yet their personal data remains stored in the system.

            To help administrators comply with data protection obligations (such as the GDPR's data minimization and right-to-erasure principles), DiliTrust Entities now provides dedicated tools to:

            • Identify individuals who no longer have active links to any company or role.
            • Filter individuals using new date-based criteria (last mandate, last shareholding, last delegation).
            • Empty sensitive personal data fields (such as address) in bulk.
            • Delete the full history of a field's values for selected individuals.

            ✋ Prerequisites / Getting Started

            Before using these features, make sure the following conditions are met:

            • Administrator role: Only users with the Administrator profile (HQ or local admin) can access the report library, run PII reports, and perform mass updates.
            • Access to the Entities module: Your organization must be subscribed to the DiliTrust Entities module.
            • Individuals data already entered: The PII report is based on data already recorded in the Persons section (individuals) of your Entities environment.

            ✨ Feature Overview: What's New

            Three new capabilities have been added to support GDPR compliance workflows in the Entities module:

            1. New date-based filters in the Individuals report — identify individuals by when they last held a role.
            2. Ability to empty the Address field via mass update — clear sensitive address data for multiple individuals at once.
            3. Delete all history records for a field via mass update — permanently remove the tracked history of a field's values across selected individuals.

            ⭐ Step-by-Step Guide

            Step 1 – Generate an Individuals Report with PII Filters

            1. Go to the Reports section from the main navigation menu.
            2. Click Create a report or open an existing Individuals report.
            3. Set the Content scope to Individuals.
            4. In the Filterssection, use the new date-based fields to narrow down individuals who are no longer active:
              • Last time as a mandate holder — filter individuals whose most recent mandate ended before a chosen date.
              • Last time as a shareholder — filter individuals whose most recent shareholding ended before a chosen date.
              • Last time as a delegator — filter individuals whose most recent delegation ended before a chosen date.
            5. You can also use existing filters such as Retirement date, End management date, or Last updated to further refine your selection.
            6. Run the report to display the list of matching individuals and their associated personal data fields.

            Tip: Use the Managed / Non-managed toggle in the filter panel to include individuals linked to companies not directly managed in your perimeter.

            Step 2 – Select Individuals for Mass Update

            1. From the Individuals list (or from the report results), select the individuals whose data you want to update.
            2. Click the Mass update (bulk edit) button in the toolbar.
            3. A dialog will appear confirming the number of selected individuals and a reminder that all changes will be applied uniformly.

            Step 3 – Empty Personal Data Fields

            1. In the mass update dialog, locate the field you want to clear (e.g., Address, Gender, Birth date).
            2. Check the "Empty this field" checkbox next to the relevant field. This will clear the field's value for all selected individuals.
            3. Do not enter a replacement value — the purpose is to erase the data, not replace it.
            4. Click Confirm to apply the change.

            Important: This action is irreversible for the current value. Make sure you have selected the correct individuals before confirming.

            Step 4 – Delete Field History Records

            1. In the mass update dialog, locate a field that supports historization (i.e., a field that tracks past values over time).
            2. Check the "Delete history" option associated with that field.
            3. This will permanently delete all past recorded values for that field across all selected individuals.
            4. Click Confirm to apply.

            Note: The "Delete history" option is only available for fields that support historization in DiliTrust Entities.

            ✨ Tips & Best Practices

            • Use filters before mass-updating: Always run a report first to identify exactly which individuals are concerned before performing any bulk data erasure. This helps you avoid accidental data loss.
            • Export the report before erasing: Before emptying fields, export the report as a backup record. This can be useful for audit trail purposes.
            • Combine filters: You can combine multiple date filters (e.g., last mandate + last shareholding) to build a precise list of individuals with no remaining active roles.
            • Apply GDPR reviews periodically: Schedule a quarterly or annual review using these reports to maintain ongoing compliance rather than addressing data backlogs all at once.
            • Document your actions: Keep an internal log of the mass updates performed (date, number of individuals affected, fields cleared) for your organization's compliance records.

            ❌ Limitations & Known Constraints

            • No timestamp tracking for all event types: Certain types of historical events (e.g., specific timeline entries) do not have a timestamp tracked in the system. As a result, filtering by "last activity date" may not cover all possible types of links between individuals and companies.
            • Address field only for emptying via mass update (at launch): Initially, the "Empty this field" capability via mass update is focused on the Address field. Other fields may become emptiable in future releases.
            • Admin access required: These tools are exclusively available to administrator profiles. Regular users cannot access the PII report filters or perform mass updates.
            • Irreversible actions: Emptying a field or deleting its history cannot be undone. There is no recycle bin or restore function for this data.
            • Bulk update applies uniformly: The mass update applies the same change to all selected individuals. It is not possible to apply different values to different individuals in the same mass update operation.

            ❓ FAQ

            Who can use the PII Reports and mass update tools?

            These features are reserved for Administrator profiles only (HQ Admins and local Admins with appropriate permissions). Regular users do not have access to these tools.

            What types of links are taken into account to determine if an individual is "inactive"?

            The report considers the following types of links between an individual and a company:

            • Mandates (directorships, officer roles, etc.)
            • Shareholdings
            • Proxy representatives
            • Legal representatives
            • Delegations
            • Individual custom fields

            If an individual has no active link of any of these types, they will appear in the PII report.

            Can I undo a mass update that emptied personal data fields?

            No. Once confirmed, data erasure via mass update is permanent and irreversible. We strongly recommend exporting a report of the affected individuals before performing any bulk deletion.

            What is "Delete history" and when should I use it?

            Some fields in DiliTrust Entities track changes over time (historization). "Delete history" removes all past recorded values for such a field — not just the current value, but the entire audit trail of previous values. Use this option when you need to comply with a right-to-erasure request and the individual's past data must be fully removed.

            Can I filter by "last activity date" across all possible roles at once?

            You can apply multiple date filters simultaneously (e.g., last mandate holder + last shareholder). However, note that not all types of historical events have a trackable date in the system, so some edge cases may not be covered by date-based filtering alone.

            Is there a way to automate the GDPR review process?

            At this time, the PII report and mass update must be triggered manually by an administrator. Automated scheduling or alerts for inactive individuals are not yet available. We recommend setting up a recurring internal process (e.g., quarterly review) to run these reports regularly.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0