GDPR – what it means to us, and you

Any organisation using the agileBase platform will almost certainly be storing and manipulating data, whether that be as one of the agileChilli standard apps for food manufacturers, or a custom system tailored to your industry and organisation. That data might be sensitive and will in some cases be personal data – data about individual people.

If that’s the case, you’ll more than likely know all about the General Data Protection Regulation (GDPR), which comes into force this May. Even if your organisation doesn’t hold any personal data, this article may still be of some use. Virtually all organisations have important data they need to secure; it may just be important and sensitive in other ways.

To that end, we’re publishing the outlines of the processes we follow. You may like to adapt some for your own use or just have a read to see if there’s anything you’d like to investigate further.

Secondly, as a supplier of a platform for ‘business agility through technology’, we’re in a rather unique position. Under the GDPR, we will be jointly responsible with our customers for ensuring personal data in the system is protected. To do that we need to know what type of data it is, where it’s stored and what it’s used for. However, because our customers often build and improve systems on agileBase entirely on their own, we don’t always know the answers to those questions. Therefore, we will be contacting some customers with a ‘screening questionnaire’ shortly, to help us ascertain whether further discussions or audits might be appropriate.

Our framework

[Figure: GDPR Cyber and Data Security Framework]

We designed the Compliance Cycle model above to help us understand the scope of the new GDPR by offering a high level overview of our approach, based around eight core themes.

Of course, many of the details, practices and technologies will be the same as those we carry out anyway as good practice in protecting customer data generally, which we’ve always taken very seriously. The main difference is that we now have to ensure customers understand both their own obligations and the measures we take, so that they can be confident of their own compliance.

Step 1) Learn and Educate: As a SaaS provider we need to educate both ourselves and our customers about the impact of this regulation on our respective businesses. In particular, we both need to understand what constitutes “personal data” and “sensitive personal data”.

https://www.burges-salmon.com/news-and-insight/legal-updates/gdpr-personal-data-and-sensitive-personal-data/

Like many customers, we store staff training records in agileBase, including induction records detailing steps taken to help them manage data securely during the course of their work.

Step 2) Identify: Once we understand what data is being collected we need to identify where this is being held. From a software perspective we also need to know where it flows to and from.

Examples might be data flowing into agileBase from e-commerce websites or out to finance packages via the API (a system for connecting software).

Step 3) Minimise: The first step in this process is to consider deleting any old data that is either of a high risk or of low value, but no longer of any real use. Secondly, consolidate (move) personal data from difficult-to-monitor tools (e.g. spreadsheets) to systems that lend themselves to central control.

As a SaaS provider we will also need to minimize any risk our clients may expose us to.

Step 4) Assess: We then need to assess the overall level of residual risk by considering both the inherent risk in each type of data held and the specific risk for this type of data in each of the locations in which it is being held.

Once we know our risk exposure we can decide how best to manage that risk.

Step 5) Protect: We then need to work to secure the data we retain, with a particular focus on high risk personal data.

Step 6) Monitor: We need to put in place systems to monitor activity that might require investigation and have in place policies to rapidly address genuine issues, breaches etc.

Having done our best to reduce any ‘business as usual’ risk to a reasonable level we now need to plan for how we will handle any failure.

Step 7) Respond: We need to be ready to rapidly respond to both day to day queries about the data we retain from various stakeholders within the time guidelines laid down within the regulations and to any breakdown in our data security measures.

Response templates will be stored in our agileBase document library for centralised and easy access, together with stakeholder contact details.

Step 8) Report: We also need to have procedures in place to report not only breaches and failures but also any unusual activity, to the relevant authorities and customers.

Further details

Any customers who would like details on the technical and process steps we take to protect data should contact us at support@agilechilli.com. If you’d like to hear about setting up document libraries for forms and procedures, training records or asset/systems inventory databases, please do get in touch too.

As always, we look forward to hearing from you.


Sub-recipes

Our NPDtech product for food manufacturers has a new ability – rolling up all the ingredients in a sub-recipe to form an accumulated ingredients declaration.

Note: while this example deals with recipes, the agileBase platform can use the same features to work with any items that require a rollup, e.g. a bill of materials (BOM).

Take a simple example – a recipe for beef pie. The ingredients might be entered as follows:

[Screenshot: beef pie ingredients]

making the ingredients declaration

Rump Steak (46.4%), Stock (29.4%), ShortCrust Pastry (11.6%), Onion (10.3%), Olive Oil (0.77%), Salt (0.52%), Black Pepper (0.41%), Thyme, Parsley

However, shortcrust pastry is itself a recipe with ingredients

Flour (57.3%), Butter (25.2%), Water (16.1%), Salt (1.38%)

We now have the option to roll up the ingredients from this sub-recipe into the top level ingredients declaration, creating

Rump Steak (46.4%), Stock (29.4%), Onion (10.3%), Flour (6.7%), Butter (2.9%), Water (1.86%), Olive Oil (0.77%), Salt (0.68%), Black Pepper (0.41%), Thyme, Parsley

As you can see the additional ingredients salt, butter, water and flour are now included with the correct percentages of the total recipe.

The great thing about this is that it will work with not just one level of sub-recipe but the sub-recipes themselves can have sub-recipes and so on to any depth.

When generating this ingredients declaration, the system gives you the option of starting with either the top level or full ‘rolled up’ version. Following that, it can be manually tweaked as required. Another nice addition is that you can now specify a percentage level below which no percentages will be output – in the above example, it’s set at 0.3%, meaning the herbs percentages aren’t shown.

What’s more, when editing a recipe, a tab alongside ‘ingredients’ shows you which product each sub-ingredient comes from, along with the countries of origin.


A major benefit is the fact that you can search the system for any ingredient and immediately see which recipes contain it, even if the connection isn’t direct. That could be very useful if any ingredient alerts (those from the FSA are displayed in the system) or recalls are required.

For anyone interested in the technicalities of how this rollup works behind the scenes, it utilises agileBase’s ‘recursive workflow’ feature, which we wrote about back in July.
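The arithmetic behind the rollup can be reproduced with a recursive query in PostgreSQL. This is an added example, not agileBase's recursive workflow: the recipe_line table and its columns are hypothetical, and the percentages are the rounded figures printed above (herbs omitted, since no percentages are given for them), so results can differ from the declaration in the last digit.

```sql
-- Hypothetical schema: one row per ingredient line of a recipe.
CREATE TEMP TABLE recipe_line (
    recipe     text    NOT NULL,
    ingredient text    NOT NULL,
    pct        numeric NOT NULL,   -- percentage of the parent recipe
    PRIMARY KEY (recipe, ingredient)
);

-- Figures copied from the two declarations in the article.
INSERT INTO recipe_line (recipe, ingredient, pct) VALUES
    ('Beef Pie', 'Rump Steak',        46.4),
    ('Beef Pie', 'Stock',             29.4),
    ('Beef Pie', 'ShortCrust Pastry', 11.6),
    ('Beef Pie', 'Onion',             10.3),
    ('Beef Pie', 'Olive Oil',         0.77),
    ('Beef Pie', 'Salt',              0.52),
    ('Beef Pie', 'Black Pepper',      0.41),
    ('ShortCrust Pastry', 'Flour',    57.3),
    ('ShortCrust Pastry', 'Butter',   25.2),
    ('ShortCrust Pastry', 'Water',    16.1),
    ('ShortCrust Pastry', 'Salt',     1.38);

WITH RECURSIVE exploded(ingredient, pct, path) AS (
    -- Top level: the lines of the recipe being declared.
    SELECT ingredient, pct, ARRAY[recipe, ingredient]
    FROM recipe_line
    WHERE recipe = 'Beef Pie'
  UNION ALL
    -- Each level down: scale the child's share by the parent's share.
    SELECT l.ingredient, e.pct * l.pct / 100, e.path || l.ingredient
    FROM exploded e
    JOIN recipe_line l ON l.recipe = e.ingredient
    -- Guard against a recipe that (directly or indirectly) contains itself.
    WHERE l.ingredient <> ALL (e.path)
)
SELECT e.ingredient, round(sum(e.pct), 2) AS pct_of_total
FROM exploded e
-- Keep only leaf ingredients; sub-recipes are replaced by their contents.
WHERE NOT EXISTS (SELECT 1 FROM recipe_line l WHERE l.recipe = e.ingredient)
GROUP BY e.ingredient
ORDER BY pct_of_total DESC;
```

Salt appears both directly and inside the pastry, so the GROUP BY is what merges the two contributions into one line of the declaration.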

Record count badges

What are views in agileBase used for?

Typically the majority will be operationally helping you to do your job, e.g. giving you a list of tasks to work through or a searchable list. At a higher level, others will help you gain insight e.g. performing calculations or displaying charts.

For task oriented views, knowing how many records you have to deal with today (or this week etc.) is often very useful. You can see the number if you click on a view and scroll down to the bottom, but wouldn’t it be nice if you could quickly see the counts for all views?

Now you can! We’ve just added count badges to all views in a tile, so you can quickly scan through and see what your working day’s going to look like.

Here’s an example from our Supplier Approval product.

[Screenshot: views in the Supplier Approval product with count badges]

At a glance, you can quickly see from the top of the screen how many items in each category are due, in progress, require verification etc.

So under ‘Audit’ for example, you can see that nothing’s due soon, but there are three in progress. If there are no records in a view, the name will be dulled slightly so it doesn’t stand out as much visually.

For views with larger numbers of records, the badge will show an approximate count, for example it will show ’10k’ if there are approx. ten thousand records. If you hover over the badge, you’ll see a more exact count as a tooltip. Even though you’re probably not going to work through 10,000 records one by one, it might still be useful to see in context, particularly for new users. In a CRM system say, a sales manager might like to see that there are 10k opportunities in the system of which about 6k have been won, 4k lost and a handful in progress.

Titles

You might notice one other thing from the screenshot that’s new – the views are under headings. You can now optionally add headings in to your own systems to organise views.

It’s very simple: when naming your views, just put the heading name first, separated from the main name by a dash.

So a set of views

  • opportunities – all
  • opportunities – won
  • opportunities – lost
  • opportunities – in progress

will display as

  • opportunities
    • all
    • won
    • lost
    • in progress

We think these two improvements will be very useful to lots of customers, and we look forward to getting feedback on any further tweaks we can make.

Regular expression checks

We’ve just added a useful new feature – regular expressions.

In other words, rather than just using simple rules to limit the ability for people to enter duff data, such as ’email addresses must contain an @ sign’, an administrator can now in addition add arbitrarily complex checks, as long as they know how to write regular expressions.

They can also be used to create advanced filters in views.

This might be something that people who’ve done a little programming might be excited by, but perhaps others may also like to expand their skillsets with a bit of learning.


For full documentation, please see

https://www.postgresql.org/docs/current/static/functions-matching.html#FUNCTIONS-POSIX-REGEXP

To set up a data check in agileBase, go to a table in the admin interface, visit the ‘manage’ tab and click ‘checks’. Then from the dropdowns at the bottom of the screen, select a field and either ‘matches regular expression’ or ‘does not match regular expression’. Fill in the expression you’d like to check against to the right, e.g. [a-z] to match any data containing a letter of the alphabet.
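PostgreSQL's regular expression operators match a pattern anywhere in the value unless it is anchored, which is why [a-z] above accepts any data containing a letter. The query below is an added example, not taken from agileBase: it assumes the checks behave like the PostgreSQL operators documented at the link above, and the batch_code field and sample values are constructed.

```sql
-- Constructed values for a hypothetical 'batch_code' field that should
-- hold exactly two lowercase letters followed by two digits.
WITH sample(val) AS (
    VALUES ('ab12'),       -- well-formed
           ('AB12'),       -- wrong case
           ('12'),         -- no letters at all
           ('ab12<b>'),    -- well-formed prefix plus trailing junk
           ('  ab12'),     -- leading whitespace
           ('')            -- empty string
)
SELECT val,
       -- The article's example: true if a lowercase letter occurs ANYWHERE.
       val ~  '[a-z]'               AS contains_letter,
       -- Anchored with ^ and $: the whole value must fit the pattern.
       val ~  '^[a-z]{2}[0-9]{2}$'  AS whole_value_ok,
       -- ~* is the case-insensitive form of the same match.
       val ~* '^[a-z]{2}[0-9]{2}$'  AS whole_value_ok_ci,
       -- !~ is the 'does not match' form: here, no angle brackets
       -- anywhere in the value.
       val !~ '[<>]'                AS no_angle_brackets
FROM sample;
```

With the unanchored pattern, 'ab12<b>' and '  ab12' pass because they contain a letter; only the anchored pattern rejects them. When a check is meant to constrain the whole field, start the expression with ^ and end it with $.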


Integration how-to: Power BI

A few customers have been interested in powering up their analytics with tools such as Tableau, Qlik or Power BI.

agileBase has built in charting which is great for quickly analysing and answering questions about data in your system, but specialist business intelligence apps can be particularly useful if you want to join data from multiple sources (perhaps an accounting package or marketing automation system too) in one place.

Thanks to one customer, Lewis Pies, we now have a great how-to guide on integrating with Power BI using our easy to use API. They’ve done all the work of investigating the Power BI side of things! It’s a great example of how to use the API in general to integrate with third party software.


Setting up

Without further ado, here’s how an admin can set up the integration. It looks like lots of steps but that’s just because we’ve split it up into very small, simple parts to make it as easy as possible to follow.

Step 1: set up a view in agileBase to use as a data source

Tip: use a view bringing as many variables as possible into one place. For example, if you want to analyse sales, you might include totals by customer, product, salesperson, region, category, price banding and date. That way you have plenty of dimensions to analyse in multiple ways later on.

Step 2: turn on the API for the view to make data available


Under the admin interface of AB select the manage option on the view and then the ‘send’ option.

Select ‘send data to a third party system using the API’ in the dropdown list and make sure you tick ‘allow access from third party software using an API key’.

Refresh the view to show your API key needed for the next step.


Step 3: within Power BI press ‘get data’ and select ‘Web’ as the data source


Step 4: enter the sync details provided by AB into Power BI

Select the advanced option and fill in the following URL parts provided from the AB view setup in the first point. These are the parameters to add:

?get_report_json=true
&c=[your ‘c’ value here from AB]
&t=[your ‘t’ value here from AB]
&r=[your ‘r’ value here from AB]
&json_format=json
&simple_format=true
&row_limit=250000 (or however many rows you need)


Step 5: enter the authorisation key into Power BI

Select ‘authorization’ from the dropdown options under ‘HTTP request header parameters (optional)’ and press OK. The authorisation key is provided in the agileBase view.


Step 6: make data visible in Power BI

Once the data has pulled through and the connection is set up you will need to convert the dataset into a table.


Step 7: expand the columns

Once converted to a table you will then need to expand the data into columns and your view will be presented to manipulate.


Step 8: go wild with visualisations!


New chart view setting


Sometimes, views are created purely as sources of data for charts – where the chart is the interesting thing and what you want to see first.

There’s now an option you can tick to show the charts for a view by default whenever you open that view.

In the view’s manage tab, just tick ‘Show charts by default’.

p.s. we’ll be at the Food & Drink Summit in Coventry on the 7th, launching our new Supplier Approval product!

 

See us in Coventry

We’re excited to tell you that not only will we be exhibiting at the Food & Drink Business Europe ‘IT Summit’, a week next Tuesday on the 7th November, but our Director of Food, Mark Garrett, is a guest speaker.

http://www.itfoodsummit.com/speaker/mark-garrett-product-director-food-agilechilli/

He’ll be talking about some of the heart-pounding experiences of his past life managing a food manufacturing company whilst being involved in a food-safety product recall across the supply chain. The insights from that prompted Mark to start developing software specifically tailored to food manufacturers.

Please come and say hello, or let your friends and colleagues know. If you can’t make it yourself, we’ll be posting proceedings on twitter, so please do follow us @agilefood.
