GDPR levels
To comply with GDPR and protect personal information, Maxxton uses GDPR levels. These levels regulate which type of customer information your employees can access. Each level reflects how much personal data is visible, ensuring that only authorised users see sensitive details.
There are three GDPR levels:
- Level 1 – No personal information.
- Level 2 – Basic personal information.
- Level 3 – Full personal and financial information.
By assigning levels, you control the visibility of customer data and ensure sensitive information is handled securely. When information is not allowed at a certain level, it is automatically anonymised and displayed as asterisks (*****).
Manage GDPR levels
When you create new employee accounts in your organisation, those accounts start at Level 1. As the administrator, you are responsible for assigning GDPR levels to your users.
Maxxton does not decide or enforce levels in your organisation. You know best which level of access is required for each role. However, Maxxton explains why GDPR levels matter and how to assign them.
GDPR Levels Explained
Level 1 – No personal data
This is the default level for new employees. At this level, all GDPR-restricted fields are anonymised with asterisks. Users only see non-restricted information, such as customer ID or system references.
Level 2 – Basic personal data
If a role requires limited personal data, you can grant Level 2. At this level, anonymisation is lifted for basic fields, such as:
- Name (first, middle, last)
- Gender
- Company name
- Login
- Identity number
- Basic contact details (city, district, fax, alternative contact person)
All other sensitive fields remain anonymised.
Level 3 – Full personal and financial data
This level includes everything in Levels 1 and 2, plus highly sensitive details such as:
- Date of birth
- Account numbers and IBANs
- Social security number
- Mandate numbers
- Full addresses, phone numbers, and email addresses
At this level, no GDPR-restricted fields are anonymised. Because of the sensitivity, only assign Level 3 if a role absolutely requires it.
GDPR Field visibility per level
The table below shows which fields are visible at each level. A ✔ means the field is visible, and ***** means the value is anonymised.
| Field Group | Field | Level 1 | Level 2 | Level 3 |
|---|---|---|---|---|
| Customer | First name | ***** | ✔ | ✔ |
| | Middle name | ***** | ✔ | ✔ |
| | Last name | ***** | ✔ | ✔ |
| | Gender | ***** | ✔ | ✔ |
| | Company name | ***** | ✔ | ✔ |
| | Login | ***** | ✔ | ✔ |
| | Identity number | ***** | ✔ | ✔ |
| | Alternative invoice name | ***** | ✔ | ✔ |
| | Alternate name | ***** | ***** | ✔ |
| | Birth date | ***** | ***** | ✔ |
| | Account number | ***** | ***** | ✔ |
| | IBAN | ***** | ***** | ✔ |
| | Mandate number | ***** | ***** | ✔ |
| | Social security number | ***** | ***** | ✔ |
| Address | City | ***** | ✔ | ✔ |
| | District | ***** | ✔ | ✔ |
| | Fax | ***** | ✔ | ✔ |
| | Alternative contact person | ***** | ✔ | ✔ |
| | Address 1 | ***** | ***** | ✔ |
| | House number | ***** | ***** | ✔ |
| | House number suffix | ***** | ***** | ✔ |
| | Address 2 | ***** | ***** | ✔ |
| | Address 3 | ***** | ***** | ✔ |
| | Zip code | ***** | ***** | ✔ |
| | PO box | ***** | ***** | ✔ |
| | PO box zip code | ***** | ***** | ✔ |
| | PO box city | ***** | ***** | ✔ |
| | | ***** | ***** | ✔ |
| | Secondary email | ***** | ***** | ✔ |
| | Mobile phone | ***** | ***** | ✔ |
| | Mobile phone 2 | ***** | ***** | ✔ |
| | Private phone | ***** | ***** | ✔ |
| | Work phone | ***** | ***** | ✔ |
| | Latitude | ***** | ***** | ✔ |
| | Longitude | ***** | ***** | ✔ |
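
The visibility rules in the table above amount to a minimum level per field, applied before a record is shown to the user. The following Python is an added example, not Maxxton code: the field keys, the sample record and the choice to treat unlisted fields as Level 3 data are assumptions made for illustration.

```python
# Added example, not Maxxton code. Field keys and the record are constructed.
MASK = "*****"  # fixed width, so the mask does not reveal the value's length

# Minimum GDPR level needed to see each restricted field (subset of the table).
MIN_LEVEL = {
    "first_name": 2, "last_name": 2, "gender": 2, "company_name": 2,
    "login": 2, "identity_number": 2, "city": 2, "district": 2, "fax": 2,
    "birth_date": 3, "iban": 3, "account_number": 3, "mandate_number": 3,
    "social_security_number": 3, "zip_code": 3, "mobile_phone": 3,
}
# Fields the page describes as non-restricted (visible at every level).
UNRESTRICTED = {"customer_id"}


def effective_level(level):
    """Return a valid level; anything unrecognised falls back to Level 1."""
    valid = isinstance(level, int) and not isinstance(level, bool)
    return level if valid and 1 <= level <= 3 else 1


def mask_record(record, level):
    """Return a copy of record with fields above the viewer's level masked."""
    level = effective_level(level)
    out = {}
    for field, value in record.items():
        if field in UNRESTRICTED:
            out[field] = value
        else:
            # Assumption: a field missing from MIN_LEVEL is treated as Level 3
            # data, so a newly added column stays hidden until it is classified.
            required = MIN_LEVEL.get(field, 3)
            out[field] = value if level >= required else MASK
    return out


SAMPLE = {  # constructed record, not real customer data
    "customer_id": 10482, "first_name": "Anna", "last_name": "Visser",
    "city": "Utrecht", "birth_date": "1988-04-12",
    "iban": "NL00BANK0123456789", "loyalty_note": "prefers ground floor",
}

if __name__ == "__main__":
    for lvl in (1, 2, 3, None):
        print(lvl, mask_record(SAMPLE, lvl))
```

An account with a missing or invalid level is handled as Level 1 here, matching the default the page gives for new employee accounts.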