GDPR & BetrVG — Data protection and co-determination

PII is tagged at the schema, masked by default, and de-pseudonymized only with dual approval.

ITSMx treats personal data as a first-class concern — not an afterthought. Field-level classification, a masking layer, k-anonymity, and Works Council integration for organizations under BetrVG.

Request a demo

What the regulation requires → what ITSMx produces

Capabilities

GDPR

Art. 5(1)(c) — Field-level PII tagging

PII is classified at the schema layer — every field that holds personal data is tagged with its PII class. This drives masking, retention, and export behavior automatically.

GDPR

Art. 4(5) — Pseudonymization with masking layer

A masking layer sits between the data store and the UI. Pseudonymized fields show masked values by default; original data is accessible only through a controlled de-pseudonymization flow.

GDPR

Art. 25 — k-Anonymity enforcement

Query results are checked against a k-anonymity threshold to prevent re-identification through small-group inference.

GDPR

Art. 5(1)(f) — Dual-approval de-pseudonymization

Accessing unmasked PII requires dual approval — two authorized individuals must confirm. The request, approval, and access are logged in the audit trail.

BetrVG

§ 87(1)(6) — BetrVG Works Council workflow

Where a Works Council (Betriebsrat) exists, PII de-pseudonymization requests route through a council-member approval step with delayed visibility — meeting BetrVG co-determination requirements.

GDPR

Art. 20 — GDPR Art. 20 data export

Data subjects can receive a structured, machine-readable export of their personal data. Export covers all PII-tagged fields across the tenant.

Common questions

GDPR FAQ

Fields are tagged by PII class: direct identifiers (name, email), indirect identifiers (employee ID, IP address), sensitive data (health, biometric), and non-PII. Classification drives masking depth and retention rules.

When BetrVG mode is enabled, de-pseudonymization requests are routed to a designated Works Council member for approval before the requesting manager sees unmasked data. The council member sees only the request context, not the data itself, until approved.

Yes. The dual-approval de-pseudonymization works independently of BetrVG. The Works Council step is an additional layer enabled per tenant when co-determination applies.

The platform manages PII handling and access controls. Consent management (collecting and tracking data-subject consent) is outside the current scope — integrate with your consent management platform via the webhook adapter.

Informational only — not legal advice. Consult qualified counsel for regulatory obligations specific to your organization.

See pseudonymization and the Works Council workflow in action.

30 minutes. We'll demonstrate PII masking, dual-approval, and the BetrVG flow.

Request a demo Talk to us