Initial Certification: 05/2020
HAVI Solutions offers the IT-based service “Migration of Sensitive Data” to customers who want to transfer (personal) data from a source to a target system. The service can be provided without any disclosure of personal data (“real data”) to HAVI. Rather, the service provider only needs information on the data structure as well as test data / anonymized data to be able to assist its customers with such a migration. The possibility to dispense with the disclosure of personal data to HAVI is of particular relevance if sensitive data such as special categories of personal data, personal data that are subject to professional secrecy or company secrets form part of the data to be transferred from a source to a target system. Users of the certified service (customers) are controllers in respect of the processing of personal data on the occasion of a migration project. They are provided with guidance on how to comply with EU data protection law in a dedicated leaflet. Customers can be sure to act in compliance with the law if they adhere to this guidance.
Product/Version
Migration of Sensitive Data
Function as provided in April 2020
Qualification: IT-based service (processor service)
View the Migration of Sensitive Data certificate
Cert. No.
EP-S-X5NRK2
Version of Certification Criteria
Validity
28/05/2020 – 31/05/2022
Monitoring
01/2021 (O.K.)
09/2021 (O.K.)
Public Report
Migration of Sensitive Data Short PublicReport 
Manufacturer/Provider
HAVI Solutions GmbH & Co. KG
Am Stadtrand 52
22047 Hamburg
Germany
BEST
The service can be provided in a way that prevents HAVI from accessing any sensitive data / personal data at all.
ATTENTION
HAVI Solution’s service “Migration of Sensitive Data” facilitates its data protection compliant use. However, when providing the service, HAVI acts on behalf of its users (customers) who are the controllers for all processing of personal data during a migration project. This means that the customers are responsible for the actual legitimacy of the processing of personal data when making use of the service.
SUMMARY
Data migration is the transfer of a data set from a source system to a target system. The structure in which the data exists in the source system must be translated into the structure of the target system. The “data” consists of database contents and object data. The latter include documents, e-mails, annotations, and electronic signatures. The database contents may comprise database entries, metadata (relating to the above-mentioned objects), master data, reference data from other systems, etc. For the data migration, rules and specifications (so-called mapping) must be determined. Mapping is done manually so that the conversion process can be run automatically by the migration software later on.
HAVI Solutions offers the IT-based service “Migration of Sensitive Data” to customers who want to transfer (personal) data from a source to a target system. The service can be provided without any disclosure of personal data (“real data”) to HAVI. Rather, the service provider only needs information on the data structure as well as test data / anonymized data to be able to assist its customers with such a migration. The possibility to dispense with the disclosure of personal data to HAVI is of particular relevance if sensitive data such as special categories of personal data, personal data that are subject to professional secrecy or company secrets form part of the data to be transferred from a source to a target system.
Users of the certified service (customers) are controllers in respect of the processing of personal data on the occasion of a migration project. It is the customer who specifies the source and the target system, who decides what data are disclosed to the service provider and who performs the actual transfer from the source to the target system. HAVI, on the other hand, sets up a secure migration environment within its infrastructure and assists the customers with the preparation for the actual migration of the data (“mapping”). The import of the data into the target system does not take place within the migration environment, but directly in the target environment.
Customers are provided with guidance on how to comply with EU data protection law in a dedicated leaflet. They can be sure to act in compliance with the law if they adhere to this guidance.
DETAILS
Initial Cert 2020/05
HAVI provides tools and know-how to its customers, which enable them to perform both automatic and manual correction procedures (such as format adjustments or manual corrections on the content level). The actual migration takes place exclusively at the customer’s site, so that no personal data need to be transferred / disclosed to the service provider. Hereby, the customer makes use of scripts developed or adapted by HAVI in the course of the respective migration project.
The ToE includes:
- The secure migration environment, which HAVI sets up within its infrastructure;
- the processing of data within this environment to prepare the actual migration.
The ToE excludes:
- Optional services provided by HAVI if explicitly requested by the customer such as the performing of manual corrections on the content level;
- the use of commercial data exchange platforms such as DropBox for a migration if explicitly requested by the customer;
- customer specific tools (scripts) for a migration created by HAVI in the course of a migration project;
- customers’ source and target systems.
Legal Evaluator
Stephan Hansen-Oest.
Rechtsanwalt
Im Tal 10a
24939 Flensburg
Germany
sh@hansen-oest.com
Technical Evaluator
Andreas Bethke
B³ | Informationstechnologie
Papenbergallee 34
25548 Kellinghusen
Germany
bethke@europrise-expert.com