I have to develop some diagrams displaying KPIs from the HR dept. Technically, there is no problem; I have all the tools I need.
In Germany, however, handling personnel data is a red-hot issue.
I am just drafting up a written agreement in which I state exactly how I will protect the App during the development process and how it is implicitly protected by the nature of licenses. Moreover, there will be detailed information on what shall and can be displayed and what cannot. The whole thing will be signed by the pope.
I would like to know if any of you (if possible in Germany, we have very special legislation in that respect) has already had to do something like that and what possibilities there are to protect the data (pseudonymize/anonymize personnel numbers or else)?
You will end up not looking at the final application / GUI, but at the complete data flow. So you need to set up / apply security / access rules for handling the complete workflow. Read these recommendations as a start.