Privacy-Now - User contributions [en]

File:Consent bulk import - xlsx example.jpg

2019-06-14T15:24:38Z

Rdaverio: Rdaverio uploaded a new version of File:Consent bulk import - xlsx example.jpg

2018-11-20T11:32:55Z

Rdaverio: Rdaverio uploaded a new version of File:Consent Import Template.xlsx

2018-10-17T13:34:16Z

Rdaverio: /* Bulk operations on consent records */

== Introduction to Consents ==
Consents management provide the mean to acquire, update and use ''consents'' information. For example, it is possible to use Privacy Now® as a central repository of information about all the ''consents''. Information about ''consents'' can be created and updated manually or interfacing Privacy Now® with external system. See the paragraph [[Settings#Consents Source Details|Consents Source Details]] for more information.

== Workflow ==
A new ''consent'' can be created using the '''Add New''' functionality and choosing "New Consent". Alternatively, a new ''consent'' can be automatically acquired or updated by an external system.

A workflow enables to move ''consents'' in several statuses as shown in the following picture.

[[File:Consents_Workflow_ENG_v1.0.JPG|centre|thumb|800x800px|Consents workflow and statuses.]]

The following table explains the meaning of each status:

{| class="wikitable"
! Status !! Description
|-
|Default || A temporary status when the ''consent'' is initially created before the first save.
|-
|Valid || A ''consent'' in this status is valid and its information can be used accordingly.
|-
|Wrong email || This status is set manually or automatically. It can be set automatically by bulk import from xlsx.
|-
|Expired || In this status a ''consent'' is expired and therefore should be removed.
|-
|To be Removed || In this status, the ''consent'' shall be removed (the status is used to identify ''consents'' by the automatic removal procedure).
|-
|}

== Information ==
''Consent'' records are organized in three sections:

* ''Identification'', where identification data of the ''consent'' are recorded,
* ''Ownership & Organization'', containing the assignment of the key roles enabled to manage the ''consent'';
* ''Consent Details'', with the details of the ''consent'';

Is possible to select only one ''consent type'' and one ''consent subject'' for each ''consent'' record.
When the ''consent type'' is selected/updated the following fields could be automatically updated too (check details in table below).

{| class="wikitable"
! Field !! Description
|-
|Consent Expires||At record insert/update: the value of this field will be set to "Yes" if selected ''consent type'' Duration (days) is > 0, otherwise "No".
|-
|Consent Last Update||At record insert/update: The value of this field will be set to current date and time.
|-
|First Consent Warning||This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in First Warning (days).
|-
|Second Consent Warning||This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Second Warning (days).
|-
|Final Consent Warning||This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Third Warning (days).
|-
|Retention Deadline||This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Retention Period (days).
|}

Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.

Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See [[How To]] for more information.

== Privileges ==
''consent'' can be automatically created by authorized external systems or by the ''users'' to whom the corresponding privilege is granted (see [[Users & Groups]] for more information on how to set this privilege).

The lifecycle of the ''consent'' is managed by the roles described in the table below. ''groups'' are pre assigned to the roles according to the ''settings'' (see [[Settings]] for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled ''groups'' (see once again [[Settings]] for more information on how to enable ''groups'').

{| class="wikitable"
! Role !! Description
|-
|DPO Group || Members of the ''group'' assigned to this role have full privileges. They can:
* transition records to any compatible status,
* update fields when possible,
* update ''data sources'' directly in record management.
|-
|Data Controller Group || Members of the ''group'' assigned to this role have view (read) privileges.
|-
|Data Processor Group || Members of the ''group'' assigned to this role have several privileges. They can:
* transition records to any compatible status,
* update fields when possible.
|-
|Auditors Team || Members of the ''group'' assigned to this role have view (read) privileges.
|}

However, some steps may be performed automatically (see the paragraph dedicated to [[Consents#Warning and alerts|warning and alerts]]).

== Warning and alerts ==
Each ''consent'' will be set as an expiring consent or not depending from the property Duration (days) of selected ''consent type'':
* Duration (days) = 0: in this case the current ''consent'' will never expire and '''no warning will be raised'''.
* Duration (days) > 0: in this case the consent ''consent'' will expire and will be possible to configure four levels of warning.

{| class="wikitable"
! Field !! Description
|-
|Code||The value of this field shall be an integer and shall be univocal. It is the matching code used by Privacy Now® to automatically acquire ''consent'' from external system.
|-
|Consent Type||The value of this field shall be univocal. It is the name of ''consent type'' (i.e.: "Newsletter").
|-
|Description||Description of ''consent type''.
|-
|Duration (days)||The value of this field shall be an integer >= 0. It is used by Privacy Now® mainly to set current ''consent'' record as expiring ''consent'' or not.
|-
|First Warning (days)||The value of this field shall be an integer >= 0. It will be used to evaluate the first warning threshold in case current ''consent'' is an expiring one.
|-
|Second Warning (days)||The value of this field shall be an integer >= 0. It will be used to evaluate the second warning threshold in case current ''consent'' is an expiring one.
|-
|Third Warning (days)||The value of this field shall be an integer >= 0. It will be used to evaluate the third warning threshold in case current ''consent'' is an expiring one.
|-
|Retention Period (days)||The value of this field shall be an integer >= 0. It will be used to evaluate the last warning threshold in case current ''consent'' is an expiring one.
|-
|Web Site URL||The value of this field will be the URL of front-end web site area to allow the ''data subject'' management of their ''consent'' (renew or revoke). It will be used in warning email sent by Privacy Now® to ''data subject'' in case the below option Send Warning to Data Subject is set to "true"
|-
|Send Warning to Data Subject||This field shall be set to "true" if consent record for selected ''consent type'' shall cause warning sending to ''data subject'' too, otherwise the warning will be sent only to receivers set into ''Settings\Application Settings'' (see the paragraph dedicated to [[Settings#Notification Settings|Consents Warnings Recipients ]]).
|}

== Reports ==
The list of ''consents'' can be filtered and exported to excel format from the ''view'' '''''Consents'''''.

== Consents Import ==
Privacy-Now® allows to acquire ''consents'' from external source (using structured email or xlsx file).

=== Consent Mail Structure and Procedure ===
Privacy-Now® can be connected to a mailbox to acquire ''consents'' (see the paragraph dedicated to [[Settings#Consents Source Details|Consents Source Details]]).

A ''consent'' email shall contain the following parameters (one for each row): some of them are mandatory, while some other optional (check the detailed description of each one).
The email format shall be '''plain text''' (HTML email will not be processed correctly) and shall not contain any signature.

Each mail shall contain one or more ''consent''. Each ''consent'' is manageable only if 3 parameters are present and valorized: Consent_'''[consent name]''' , Value_'''[consent name]''' and Date_Time_'''[consent name]'''.

Each ''consent'' present in mail will create a new ticket or update an existing ticket in Privacy-Now®. The existence of a consent is matched on Consent_'''[consent name]''', Source and the option selected in Data Subject Matching criteria.

{| class="wikitable"
! Field !! Description
|-
|Source|| The value of this parameter is '''mandatory''' and shall be filled with the ''consent'' source (ie: could be the company name or business unit name or web site name). The value of this parameter shall match with the value(s) inserted in '''''Settings/Data Sets/Consents/Consent Sources'''''.
|-
|Name|| The value of this parameter is '''mandatory'''. The first name of ''data subject''.
|-
|Surname|| The family name of ''data subject''.
|-
|Email|| The email of ''data subject''.
|-
|City|| The town of ''data subject''.
|-
|Province_State|| The province or state of ''data subject''.
|-
|Country|| The country of ''data subject''.
|-
|Phone|| The phone number of ''data subject''.
|-
|User_id|| The univocal id (integer) of the user corresponding to ''data subject'' in consent source (ie: id of user in web site).
|-
|Username|| The univocal login of the user corresponding to ''data subject'' in consent source (ie: login of user in web site).
|-
|IP_address|| The ip address used by ''data subject'' during web site browsing.
|-
|Lang|| The main language of ''data subject''. Possible values: "en-GB", "it-IT" and "fr-FR".
|-
|Consent_'''[consent name]'''||'''[consent name]''' shall be replaced by the name of ''consent'' (ie: consent_newseletter). At least one Consent_'''[consent name]''' shall exist in the email. The value of this parameter shall be a univocal code corresponding to one of the Code inserted in '''''Settings/Data Sets/Consents/Consent Types'''''.
|-
|Value_'''[consent name]'''||'''[consent name]''' shall be replaced by the name of ''consent'' (ie: consent_newseletter). For each of the Consent_'''[consent name]''' defined in the email shall be present a corresponding Value_'''[consent name]''' (ie: Value_Newsletter). The value of this parameter shall be "1" (''consent'' given) or "0" (''consent'' denied).
|-
|Date_Time_'''[consent name]'''||'''[consent name]''' shall be replaced by the name of ''consent'' (ie: consent_newseletter). For each of the Consent_'''[consent name]''' defined in the email shall be present a corresponding Date_Time_'''[consent name]''' (ie: Date_Time_Newsletter). The value of this parameter shall be the date and time of ''consent'' management in web site. It shall be in format '''dd-mm-yyyy hh:mm:ss''' .
|}

'''Example of a well structured email:'''
Source:myCompanyName
Name:Jhon
Surname:Smith
Email:jhon.smith@mymail.com
City:myTown
Province_State:myProvince
Country:myCountry
Phone:002235468
User_id:12345
Username:jsmith
IP_address:192.168.1.27
Lang:en-GB
Consent_A:1
Value_A:0
Date_Time_A:12-10-2018 10:14:50
Consent_B:2
Value_B:0
Date_Time_B:12-10-2018 10:14:50
Consent_Newsletter:3
Value_Newsletter:1
Date_Time_Newsletter:12-10-2018 10:14:50

== Bulk operations on consent records ==
Privacy Now® allows the bulk management of ''consent'' from ''Consents\Manage Consents from xlsx''.

[[File:Consent Import Template.xlsx|centre|thumb|800x800px|Consents management template.]]

The operations allowed are:
* Insert/Update of ''consents''
* Removal of ''consents''
* Move ''consents'' in status "Wrong Email"

The details of expected xlsx structure is explained in following table.

{| class="wikitable"
! Field !! Description!!Insert/Update!!Remove!!Move in Wrong Email
|-
|Id||Univocal Id of ''Data Subject'' in Privacy Now®.||This field is optional.||||
|-
|Name||Name of ''Data Subject'' in acquiring system.||This field is mandatory.||||
|-
|Surname||Surname of ''Data Subject'' in acquiring system.||This field is mandatory.||||
|-
|Email||Email of ''Data Subject'' in acquiring system.||This field is mandatory.||||
|-
|Phone||Phone of ''Data Subject'' in acquiring system.||This field is optional.||||
|-
|City||City of ''Data Subject'' in acquiring system.||This field is optional.||||
|-
|Province/State||Province/State of ''Data Subject'' in acquiring system.||This field is optional.||||
|-
|Country||Country of ''Data Subject'' in acquiring system.||This field is optional.||||
|-
|Username||Login of ''Data Subject'' in acquiring system.||This field is optional.||||
|-
|Consent||Consent Type Code to be granted to imported ''Data Subject'' (defined in Privacy Now®).||This field is mandatory.||||
|-
|Value|| Consent Value given by ''Data Subject'' for the imported Consent Type. The value could be "1" (''consent'' granted) or "0" (''consent'' not granted).||This field is mandatory.||||
|-
|Data||''consent'' date.||This field is mandatory.||||
|-
|Description||record description.||This field is optional.||||
|-
|Service||Privacy Now® ''service'' used as import target.||This field is mandatory.||||
|-
|Lang||''Data Subject'' selected language.||This field is optional.||||
|-
|uid||Univocal Id of ''Data Subject'' in acquiring system.||This field is optional.||||
|-
|Source||A key word defining univocally the acquiring system.||This field is mandatory.||||
|}

=== Import/Update of Consents ===

[[File:Consent bulk import - xlsx example.jpg|centre|thumb|800x800px|Consents bulk import.]]

=== Removal of consents ===

A ''consent'' can be removed individually from Application Settings.

=== Update consents in Wrong Email status ===

TBC

2018-10-17T12:16:03Z

Rdaverio:

== Introduction to Consents ==
Consents management provide the mean to acquire, update and use ''consents'' information. For example, it is possible to use Privacy Now® as a central repository of information about all the ''consents''. Information about ''consents'' can be created and updated manually or interfacing Privacy Now® with external system. See the paragraph [[Settings#Consents Source Details|Consents Source Details]] for more information.

== Workflow ==
A new ''consent'' can be created using the '''Add New''' functionality and choosing "New Consent". Alternatively, a new ''consent'' can be automatically acquired or updated by an external system.

A workflow enables to move ''consents'' in several statuses as shown in the following picture.

[[File:Consents_Workflow_ENG_v1.0.JPG|centre|thumb|800x800px|Consents workflow and statuses.]]

The following table explains the meaning of each status:

{| class="wikitable"
! Status !! Description
|-
|Default || A temporary status when the ''consent'' is initially created before the first save.
|-
|Valid || A ''consent'' in this status is valid and its information can be used accordingly.
|-
|Wrong email || This status is set manually or automatically. It can be set automatically by bulk import from xlsx.
|-
|Expired || In this status a ''consent'' is expired and therefore should be removed.
|-
|To be Removed || In this status, the ''consent'' shall be removed (the status is used to identify ''consents'' by the automatic removal procedure).
|-
|}

== Information ==
''Consent'' records are organized in three sections:

* ''Identification'', where identification data of the ''consent'' are recorded,
* ''Ownership & Organization'', containing the assignment of the key roles enabled to manage the ''consent'';
* ''Consent Details'', with the details of the ''consent'';

Is possible to select only one ''consent type'' and one ''consent subject'' for each ''consent'' record.
When the ''consent type'' is selected/updated the following fields could be automatically updated too (check details in table below).

{| class="wikitable"
! Field !! Description
|-
|Consent Expires||At record insert/update: the value of this field will be set to "Yes" if selected ''consent type'' Duration (days) is > 0, otherwise "No".
|-
|Consent Last Update||At record insert/update: The value of this field will be set to current date and time.
|-
|First Consent Warning||This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in First Warning (days).
|-
|Second Consent Warning||This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Second Warning (days).
|-
|Final Consent Warning||This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Third Warning (days).
|-
|Retention Deadline||This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Retention Period (days).
|}

Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.

Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See [[How To]] for more information.

== Privileges ==
''consent'' can be automatically created by authorized external systems or by the ''users'' to whom the corresponding privilege is granted (see [[Users & Groups]] for more information on how to set this privilege).

The lifecycle of the ''consent'' is managed by the roles described in the table below. ''groups'' are pre assigned to the roles according to the ''settings'' (see [[Settings]] for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled ''groups'' (see once again [[Settings]] for more information on how to enable ''groups'').

{| class="wikitable"
! Role !! Description
|-
|DPO Group || Members of the ''group'' assigned to this role have full privileges. They can:
* transition records to any compatible status,
* update fields when possible,
* update ''data sources'' directly in record management.
|-
|Data Controller Group || Members of the ''group'' assigned to this role have view (read) privileges.
|-
|Data Processor Group || Members of the ''group'' assigned to this role have several privileges. They can:
* transition records to any compatible status,
* update fields when possible.
|-
|Auditors Team || Members of the ''group'' assigned to this role have view (read) privileges.
|}

However, some steps may be performed automatically (see the paragraph dedicated to [[Consents#Warning and alerts|warning and alerts]]).

== Warning and alerts ==
Each ''consent'' will be set as an expiring consent or not depending from the property Duration (days) of selected ''consent type'':
* Duration (days) = 0: in this case the current ''consent'' will never expire and '''no warning will be raised'''.
* Duration (days) > 0: in this case the consent ''consent'' will expire and will be possible to configure four levels of warning.

{| class="wikitable"
! Field !! Description
|-
|Code||The value of this field shall be an integer and shall be univocal. It is the matching code used by Privacy Now® to automatically acquire ''consent'' from external system.
|-
|Consent Type||The value of this field shall be univocal. It is the name of ''consent type'' (i.e.: "Newsletter").
|-
|Description||Description of ''consent type''.
|-
|Duration (days)||The value of this field shall be an integer >= 0. It is used by Privacy Now® mainly to set current ''consent'' record as expiring ''consent'' or not.
|-
|First Warning (days)||The value of this field shall be an integer >= 0. It will be used to evaluate the first warning threshold in case current ''consent'' is an expiring one.
|-
|Second Warning (days)||The value of this field shall be an integer >= 0. It will be used to evaluate the second warning threshold in case current ''consent'' is an expiring one.
|-
|Third Warning (days)||The value of this field shall be an integer >= 0. It will be used to evaluate the third warning threshold in case current ''consent'' is an expiring one.
|-
|Retention Period (days)||The value of this field shall be an integer >= 0. It will be used to evaluate the last warning threshold in case current ''consent'' is an expiring one.
|-
|Web Site URL||The value of this field will be the URL of front-end web site area to allow the ''data subject'' management of their ''consent'' (renew or revoke). It will be used in warning email sent by Privacy Now® to ''data subject'' in case the below option Send Warning to Data Subject is set to "true"
|-
|Send Warning to Data Subject||This field shall be set to "true" if consent record for selected ''consent type'' shall cause warning sending to ''data subject'' too, otherwise the warning will be sent only to receivers set into ''Settings\Application Settings'' (see the paragraph dedicated to [[Settings#Notification Settings|Consents Warnings Recipients ]]).
|}

== Reports ==
The list of ''consents'' can be filtered and exported to excel format from the ''view'' '''''Consents'''''.

== Consents Import ==
Privacy-Now® allows to acquire ''consents'' from external source (using structured email or xlsx file).

=== Consent Mail Structure and Procedure ===
Privacy-Now® can be connected to a mailbox to acquire ''consents'' (see the paragraph dedicated to [[Settings#Consents Source Details|Consents Source Details]]).

A ''consent'' email shall contain the following parameters (one for each row): some of them are mandatory, while some other optional (check the detailed description of each one).
The email format shall be '''plain text''' (HTML email will not be processed correctly) and shall not contain any signature.

Each mail shall contain one or more ''consent''. Each ''consent'' is manageable only if 3 parameters are present and valorized: Consent_'''[consent name]''' , Value_'''[consent name]''' and Date_Time_'''[consent name]'''.

Each ''consent'' present in mail will create a new ticket or update an existing ticket in Privacy-Now®. The existence of a consent is matched on Consent_'''[consent name]''', Source and the option selected in Data Subject Matching criteria.

{| class="wikitable"
! Field !! Description
|-
|Source|| The value of this parameter is '''mandatory''' and shall be filled with the ''consent'' source (ie: could be the company name or business unit name or web site name). The value of this parameter shall match with the value(s) inserted in '''''Settings/Data Sets/Consents/Consent Sources'''''.
|-
|Name|| The value of this parameter is '''mandatory'''. The first name of ''data subject''.
|-
|Surname|| The family name of ''data subject''.
|-
|Email|| The email of ''data subject''.
|-
|City|| The town of ''data subject''.
|-
|Province_State|| The province or state of ''data subject''.
|-
|Country|| The country of ''data subject''.
|-
|Phone|| The phone number of ''data subject''.
|-
|User_id|| The univocal id (integer) of the user corresponding to ''data subject'' in consent source (ie: id of user in web site).
|-
|Username|| The univocal login of the user corresponding to ''data subject'' in consent source (ie: login of user in web site).
|-
|IP_address|| The ip address used by ''data subject'' during web site browsing.
|-
|Lang|| The main language of ''data subject''. Possible values: "en-GB", "it-IT" and "fr-FR".
|-
|Consent_'''[consent name]'''||'''[consent name]''' shall be replaced by the name of ''consent'' (ie: consent_newseletter). At least one Consent_'''[consent name]''' shall exist in the email. The value of this parameter shall be a univocal code corresponding to one of the Code inserted in '''''Settings/Data Sets/Consents/Consent Types'''''.
|-
|Value_'''[consent name]'''||'''[consent name]''' shall be replaced by the name of ''consent'' (ie: consent_newseletter). For each of the Consent_'''[consent name]''' defined in the email shall be present a corresponding Value_'''[consent name]''' (ie: Value_Newsletter). The value of this parameter shall be "1" (''consent'' given) or "0" (''consent'' denied).
|-
|Date_Time_'''[consent name]'''||'''[consent name]''' shall be replaced by the name of ''consent'' (ie: consent_newseletter). For each of the Consent_'''[consent name]''' defined in the email shall be present a corresponding Date_Time_'''[consent name]''' (ie: Date_Time_Newsletter). The value of this parameter shall be the date and time of ''consent'' management in web site. It shall be in format '''dd-mm-yyyy hh:mm:ss''' .
|}

'''Example of a well structured email:'''
Source:myCompanyName
Name:Jhon
Surname:Smith
Email:jhon.smith@mymail.com
City:myTown
Province_State:myProvince
Country:myCountry
Phone:002235468
User_id:12345
Username:jsmith
IP_address:192.168.1.27
Lang:en-GB
Consent_A:1
Value_A:0
Date_Time_A:12-10-2018 10:14:50
Consent_B:2
Value_B:0
Date_Time_B:12-10-2018 10:14:50
Consent_Newsletter:3
Value_Newsletter:1
Date_Time_Newsletter:12-10-2018 10:14:50

=== Bulk import of consent records ===
Privacy Now® allows the bulk import of ''consent'' from ''Consents\Import Consents from xlsx''.

[[File:Consent bulk import - xlsx example.jpg|centre|thumb|800x800px|Consents bulk import.]]

[[File:Consent Import Template.xlsx|centre|thumb|800x800px|Consents bulk import template.]]

The details of expected xlsx structure is explained in following table.

{| class="wikitable"
! Field !! Description
|-
|Id||Univocal Id of ''Data Subject'' in Privacy Now®. This field is optional.
|-
|Name||Name of ''Data Subject'' in acquiring system. This field is mandatory.
|-
|Surname||Surname of ''Data Subject'' in acquiring system. This field is mandatory.
|-
|Email||Email of ''Data Subject'' in acquiring system. This field is mandatory.
|-
|Phone||Phone of ''Data Subject'' in acquiring system. This field is optional.
|-
|City||City of ''Data Subject'' in acquiring system. This field is optional.
|-
|Province/State||Province/State of ''Data Subject'' in acquiring system. This field is optional.
|-
|Country||Country of ''Data Subject'' in acquiring system. This field is optional.
|-
|Username||Login of ''Data Subject'' in acquiring system. This field is optional.
|-
|Consent||Consent Type Code to be granted to imported ''Data Subject'' (defined in Privacy Now®). This field is mandatory.
|-
|Value|| Consent Value given by ''Data Subject'' for the imported Consent Type. The value could be "1" (''consent'' granted) or "0" (''consent'' not granted). This field is mandatory.
|-
|Data||''consent'' date. This field is mandatory.
|-
|Description||record description. This field is optional.
|-
|Service||Privacy Now® ''service'' used as import target. This field is mandatory.
|-
|Lang||''Data Subject'' selected language. This field is optional.
|-
|uid||Univocal Id of ''Data Subject'' in acquiring system. This field is optional.
|-
|Source||A key word defining univocally the acquiring system. This field is mandatory.
|}

== Removal of consents ==

=== Removal of single consent records ===

=== Bulk removal of consent records ===

TBC