User Access
Access to privacy settings are managed in User access options: Your Data Protection contact or person responsible for data will need access to the Privacy Admin menu in the Admin Console.
The Dashboard page includes set up sets and data to review.
Other Gold-Vision users can be given access to Privacy Logs in a Contact or Lead record as long as the team they are in have the Privacy Log Access log ticked:
Note – all users have access to Privacy Actions.
Set up your Gold-Vision for GDPR in 3 easy steps
Step 1: Identify Personal Data
Use the screen designer to mark Sensitive/Personal field data
Note: when records are erased, this is the data which is permanently removed/erased from the database.
Only use sensitive for the special categories of data.
Step 2: Define Data Purposes
Record why and how long you store personal data (as per your Privacy Policy)
Select the Removal Date mode to be either Now or Created Date. This will effect whe the removal date in the privacy log is set based on the selected option.
Set the Lawful Basis for processing personal data according to ICO Article 6
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
Lawful basis interactive guidance tool
Note: these can be added to in the screen design, if for example you are processing sensitive data, see Article 9 https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/
Set the duration from the dropdown:
Step 3: Configure Privacy Rules
Set up automated system rules to apply purposes in the privacy rules area.
Rule Types
| Account Rule | Interaction |
Account Rule
This allows you to apply a purpose to Contacts based on the account type (relationship). Select the appropriate drop field for your system and choose one of more options for each rule.
Interaction
This allows you to apply a purpose to Contacts based on their behaviour – for example: when they make a purchase or attend an event.(Note: Event Attendee functionality is not available in 7.1.8, but will be in 7.1.9)
For example:
Lead List Rule
This allows you to apply a purpose to a Lead based on the Lead List Type. You can set up Lead List Types using the screen design tool (Listcontrol)
Select the Lead list type then select the purpose to be assigned to this rule.
Privacy Notice Provided
Tick this option if a Privacy Notification would have been provided – for example a link on a web sign up form.
Bulk Run Privacy Rules
Option to update all existing records – this will update all records with the relevant rules. Note all dates set will be based on the created date of the item NOT the date the bulk update is run.
Monitor and Manage
Process Subject Access Requests, Erasure Requests and remove old data.
Subject Access Requests
Individuals have the right to access their personal data and supplementary information.
If a Contact requests access to their personal data this can be actioned in the Contact record. The request can then be actioned by person responsible for data from the Administration Console. Under Article 12: you should process the request “without undue delay” and within one month.
Export Personal Sensitive Data
CSV file with Contact name (summary) and all fields which have been marked as personal or sensitive. Note: the fields marked as Personal or Sensitive are the fields which are erased.
If there are personal or sensitive fields stored in other Gold-Vision items, such as profiles or opportunities, they will also be listed.
Export Privacy Log
CSV file containing your lawful basis for processing, purposes and planned removal date.
Export Notes
CSV file of notes relating to the Contact or Lead.
Erasure Requests
The right to erasure is also known as ‘the right to be forgotten’.
The erasure request list shows Contacts or Leads who have requested that their data be erased.
Contacts/Leads will be permanently removed from Gold-Vision and the database.
Expired Records
Removal review list.
Removal Dates are there to show when a contact or lead has gone passed the original retention period that was applied based on the Privacy Rules. This does not mean that the data is removed automatically - or that you should not keep the contact or lead in Gold-Vision. It does give you the opportunity to review the data, check the lead or contact are still interested in your products or services or indeed, still an active customer.
Ideally, users would review the data before the removal date was reached so that the Privacy Administrator can keep the data no longer than is necessary.
Shows Contacts and Leads whose removal date has passed as well as deleted or dormant Contacts
Filter this list as required to bulk erase.
Deleted Items
The Removal review list shows all records marked as deleted or dormant as well as Contacts whose removal date has passed. Filter the list to show only deleted Contacts or Leads. Records can be erased individually or in bulk.
Note: there is a now a Bulk Delete option in all lists in Gold-Vision (available under the same access options as Bulk Replace)
Any Contacts deleted will appear in the removal review list and can be erased from the system.