Difference between revisions of "Settings"

From Privacy-Now
Jump to: navigation, search
(Master data)
(Master data)
 
(92 intermediate revisions by 4 users not shown)
Line 8: Line 8:
 
Master data tables contain the sources data of the fields using single or multi choice options.
 
Master data tables contain the sources data of the fields using single or multi choice options.
  
Master data tables are preloaded with initial values when the environment is initially created. These values can be later changed by ''users'' with the <u>Admin</u> field set to "True".  
+
Master data tables are preloaded with initial values when the environment is initially created. These values can be later changed by ''users'' with the <u>Admin</u> field set to "Yes".  
  
 
Editing of master data table can be done from the left menu '''''Settings/Data Sets''''' or directing from the records using the fields based on the master data (in both cases if the ''user'' has the required privileges).
 
Editing of master data table can be done from the left menu '''''Settings/Data Sets''''' or directing from the records using the fields based on the master data (in both cases if the ''user'' has the required privileges).
Line 17: Line 17:
 
! Access menu !! Description
 
! Access menu !! Description
 
|-
 
|-
|'''''Settings/Data Sets/Access Requests/Access Requests Types'''''|| The types of ''access requests'', e.g. "Personal data deletion''.
+
|'''''Settings/Data Sets/Access Requests/Access Requests Types'''''|| The types of ''access requests'', e.g. "Personal data deletion".
 
|-
 
|-
 
|'''''Settings/Data Sets/Access Requests/Communication Channels'''''|| The communication channels used to acquire the ''access request'', e.g. "email".
 
|'''''Settings/Data Sets/Access Requests/Communication Channels'''''|| The communication channels used to acquire the ''access request'', e.g. "email".
Line 26: Line 26:
 
|-
 
|-
 
|'''''Settings/Data Sets/Access Requests/Relationships to Data Subjects'''''|| The type of relationship between the access request requester and the data subject representative, if any, for example "family relationship".
 
|'''''Settings/Data Sets/Access Requests/Relationships to Data Subjects'''''|| The type of relationship between the access request requester and the data subject representative, if any, for example "family relationship".
 +
|-
 +
|'''''Settings/Data Sets/Access Request/Access Request Warning Schedule'''''|| This data set enable the ''user'' to set the plan the sent of warning mail.
 
|-
 
|-
 
|'''''Settings/Data Sets/Actions/Action Type'''''|| The type of action, for example "corrective".
 
|'''''Settings/Data Sets/Actions/Action Type'''''|| The type of action, for example "corrective".
 
|-
 
|-
|'''''Settings/Data Sets/Consents/Consent Categories'''''|| The category of the consent, for example the consent to send a newsletter. This table is very likely to be updated.
+
|'''''Settings/Data Sets/Consents/Consent Types'''''|| The type of the consent, for example the consent to send a newsletter. This table is very likely to be updated.
 
|-
 
|-
|'''''Settings/Data Sets/Consents/Consent Sources'''''|| The source where the consent is given or denied, for example a "contract".
+
|'''''Settings/Data Sets/Consents/Consent Sources'''''|| The source of ''consent''. Could be a website name or the name of the company.
 
|-
 
|-
 
|'''''Settings/Data Sets/Consents/Consent Subjects'''''|| The subject giving the consent, typically a person.
 
|'''''Settings/Data Sets/Consents/Consent Subjects'''''|| The subject giving the consent, typically a person.
 
|-
 
|-
 
|'''''Settings/Data Sets/Consents/Consent Matching Mail'''''|| The email address of the recipient where the consent is sent.  
 
|'''''Settings/Data Sets/Consents/Consent Matching Mail'''''|| The email address of the recipient where the consent is sent.  
 +
|-
 +
|'''''Settings/Data Sets/Data Breaches/Affected Personal Data Categories'''''|| The categories of subjects whose ''personal data'' are treated during the ''data breach'', for example "employees master data".
 +
|-
 +
|'''''Settings/Data Sets/Data Breaches/Data Breach Warning Schedule'''''|| This data set enable the ''user'' to set the plan the sent of warning mail.
 +
|-
 +
|'''''Settings/Data Sets/Data Breaches/Authority Warning Schedule'''''|| This data set enable the ''user'' to set the plan the sent of warning mail to the Authority. 
 +
|-
 +
|'''''Settings/Data Sets/Data Breaches/Type of Breaches'''''|| Identify the type of Breaches , for example "Security Breach".
 
|-
 
|-
 
|'''''Settings/Data Sets/Issues / Non Conformities/Issue Types'''''|| The type of issue, i.e. an "issue" or a "non conformity". These values are unlikely to be modified.
 
|'''''Settings/Data Sets/Issues / Non Conformities/Issue Types'''''|| The type of issue, i.e. an "issue" or a "non conformity". These values are unlikely to be modified.
Line 41: Line 51:
 
|'''''Settings/Data Sets/Privacy Impact Assessments/PIA Reference Period'''''|| Th timeframe to which the privacy impact assessment refers to, for example "2018 Q4".
 
|'''''Settings/Data Sets/Privacy Impact Assessments/PIA Reference Period'''''|| Th timeframe to which the privacy impact assessment refers to, for example "2018 Q4".
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Access Applications'''''|| The applications which may be used to access 'personal data', for example "web browsers".
+
|'''''Settings/Data Sets/Processing Activities/Access Applications'''''|| The applications which may be used to access ''personal data'', for example "web browsers".
 +
|-
 +
|'''''Settings/Data Sets/Processing Activities/Access Connections'''''|| The connections which may be used when accessing ''personal data'', for example "internet".
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Access Connections'''''|| The connections which may be used when accessing 'personal data', for example "internet".
+
|'''''Settings/Data Sets/Processing Activities/Access Devices''''' || The devices which may be used when accessing ''personal data'', for example "personal computer".
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Access Devices''''' || The devices which may be used when accessing 'personal data', for example "personal computer".
+
|'''''Settings/Data Sets/Processing Activities/Applicable Regulations''''' || The regulation applicable to the processing activity.
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Affected Personal Data Categories'''''|| The categories of subjects whose 'personal data' are treated during the processing activities, for example "employees master data".
+
|'''''Settings/Data Sets/Processing Activities/Concerned Business Processes''''' || Processes concerned by this processing activity.
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Data Locations'''''|| The locations where the 'personal data' can be stored during their processing, for example "New York data centre".
+
|'''''Settings/Data Sets/Processing Activities/Data Locations'''''|| The locations where the ''personal data'' can be stored during their processing, for example "New York data centre".
 
|-
 
|-
 
|'''''Settings/Data Sets/Processing Activities/Data Processing Purposes'''''|| The purposes of data processing, for example "marketing activities".
 
|'''''Settings/Data Sets/Processing Activities/Data Processing Purposes'''''|| The purposes of data processing, for example "marketing activities".
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Data Repositories'''''|| The type of data repositories where 'personal data' are stored during the processing activities, for example a specific SQL database server.
+
|'''''Settings/Data Sets/Processing Activities/Data Repositories'''''|| The type of data repositories where ''personal data'' are stored during the ''processing activities'', for example a specific SQL database server.
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Data Subjects'''''|| The types of data subjects whose 'personal data' are treated during the processing activities, for example "clients".
+
|'''''Settings/Data Sets/Processing Activities/Data Subjects'''''|| The types of data subjects whose ''personal data'' are treated during the ''processing activities'' or declared in ''Data Breach'', for example "clients".
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Data Types'''''|| The types of data, e.g. identification or judicial data, which are processed during the processing activities.
+
|'''''Settings/Data Sets/Processing Activities/Data Types'''''|| The types of data, e.g. identification or judicial data, which are processed during the ''processing activities''.
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Extra EU Measures'''''|| The types of measures in place to mitigate the risks of extra EU processing activities, e.g. a "code of conduct".
+
|'''''Settings/Data Sets/Processing Activities/Extra EU Measures'''''|| The types of measures in place to mitigate the risks of extra EU ''processing activities'', e.g. a "code of conduct".
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Lawful Basis for Processing'''''|| The lawful basis on which the processing of 'personal data' is authorized, e.g. "legal obligations".
+
|'''''Settings/Data Sets/Processing Activities/Lawful Basis for Processing'''''|| The lawful basis on which the processing of ''personal data'' is authorized, e.g. "legal obligations".
 
|-
 
|-
|'''''Settings/Data Sets/Processing Activities/Processing Activities'''''|| The types of processing activities performed during the processing of 'personal data', e.g. collection, adaptation, etc.
+
|'''''Settings/Data Sets/Processing Activities/Processing Activities'''''|| The types of ''processing activities'' performed during the processing of ''personal data'', e.g. collection, adaptation, etc.
 
|-
 
|-
 
|'''''Settings/Data Sets/Processing Activities/Provision Agreements'''''|| The type of provision agreement with the suppliers of data repository tools, access applications, access devices, connectivity, for example a "software as a service" agreement.
 
|'''''Settings/Data Sets/Processing Activities/Provision Agreements'''''|| The type of provision agreement with the suppliers of data repository tools, access applications, access devices, connectivity, for example a "software as a service" agreement.
 
|-
 
|-
|Settings/Data Sets / Processing Activities || Retention Period
+
|'''''Settings/Data Sets/Processing Activities/Retention Periods'''''|| The possible retention periods for the ''personal data'' which is processed, for example 10 years.
 +
|-
 +
|'''''Settings/Data Sets/Processing Activities/Special Data Categoris'''''|| The special data treated by a ''Processing Activity''
 
|-
 
|-
|Settings/Data Sets / Processing Activities || Suppliers
+
|'''''Settings/Data Sets/Processing Activities/Suppliers'''''|| The suppliers of data repository tools, access applications, access devises or connectivity.
 
|-
 
|-
|Settings/Data Sets / Processing Activities || Tool Operative Environments
+
|'''''Settings/Data Sets/Risks/Control Lists'''''|| The list of control to implement and to take in account during the ''risks'' analysis.
 
|-
 
|-
|Settings/Data Sets / Processor / Controllers Entities ||  
+
|'''''Settings/Data Sets/Risks/Risk Sources List'''''|| Person or non-human source that can cause a ''risk''.
 
|-
 
|-
|Settings/Data Sets / Processor / Data Controllers Officers ||  
+
|'''''Settings/Data Sets/Risks/Threats List'''''|| List of possible ''threats''.
 +
|-
 +
|'''''Settings/Data Sets/Risks/Vulnerability List'''''|| List of ''vulnerability'' that threats can exploit.
 
|}
 
|}
  
 
== Application settings ==
 
== Application settings ==
  
''Privacy-Now ®'' show in '''''Settings/Application Settings''''' the setting ticket.
+
This section concerns the preferences and settings which can be defined at application level for Privacy-Now®. These settings are accessible from '''''Settings/Application Settings'''''.
 +
 
 +
Application settings are accessible only by ''users'' with administration privileges (see below how to set them). The first ''user'' created when Privacy-Now® environment is created is set with administration privileges.
 +
 
 +
<b>''Settings/Application Settings''</b> link open the ''Setting'' of Privacy Now® service.  
  
Process Level setting gain on Company level if defined. The process defined and describe in wiki are:
+
Settings are organized in six sections:
* [[Access_Requests|Access Requests]]
 
* [[Actions|Actions]]
 
* [[Audits|Audits]]
 
* [[Consents|Consents]]
 
* [[Data Breaches|Data Breaches]]
 
* [[Issue & Non conformities|Issue & Non conformities]]
 
* [[Privacy Impact Assessments|Privacy Impact Assessments]]
 
* [[Processing Activities|Processing Activities]]
 
* [[Risks|Risks]]
 
  
 +
* <u>''Tracking''</u>
 +
* <u>''Consents Settings''</u>
 +
* <u>''Group Settings''</u>
 +
* <u>''Notification Settings''</u>
 +
* <u>''Utility''</u>
 +
* <u>''License Details''</u>
 +
* <u>''Purchase History''</u>
  
<b>''Settings/Application Settings''</b> link open the ''Setting''Ticket.  
+
=== Tracking ===
 +
These setting enable the ''User'' to identify the ''service name'' and the <u>Subscription id</u> they have subscribed and the current status of the ''service''.
  
Selecting the record shown, the ''Administrator'' can see and change the ''Settings'' Application properties.
+
Here is possible to upload a new logo for Privacy Now® service, by use '''BROWSE''' command.
The information are presented five sections:
 
* Trackings
 
* Settings
 
* Group Settings
 
* License Details
 
* Purchase History
 
  
The table below report the fields and a short description of them:
+
=== Consents Settings ===
 +
These settings refer to ''consents'' management process. See the [[consents]] guide for more information on the process.
 +
 
 +
The table below report the settings fields available and a short description of their meaning:
 
{| class="wikitable"
 
{| class="wikitable"
! Section !! Field !! Description
+
! Field !! Description
 
|-
 
|-
|Tracking ||<u>code</u>||Automatically created by the system identify uniquely the record information
+
|<u>Data Subject Matching criteria</u> || This field allow to define the criteria to match an incoming ''consent'' sent by mail with the existing ''consents'' in Privacy-Now®. After trying to match if the consent subject is found, the existing consent record is updated. If the consent subject is not found, a new consent record is created. This field may have one of the following two values: "Mail" (consent subject is matched using the email address), "Username" (consent subject is matched using the user name identifier, for example the login used by the consent subject to access a website).
 
|-
 
|-
|Tracking ||<u>Project/Service</u>||Project service created when the service is initialized
+
|<u>Consents Matching Mail </u>|| ''Consents'' can be acquired from emails. With this field it is possible to define the recipients of the emails which will be checked to process the ''consents''. Emails in the inbox with other recipients will be ignored.
 +
|}
 +
 
 +
==== Consents Source Details ====
 +
This section allows to configure the mailbox to import ''consents'' in current Privacy-Now® environment.
 +
 
 +
The front-end web site shall be able to gather ''consents'' and send them to this mailbox as a structured email (see the paragraph dedicated to [[Consents#Consent Mail Structure and Procedure|Consent Mail Structure and Procedure]]).
 +
 
 +
Each correctly parsed email will generate one or more ''consents'' in current Privacy-Now® environment.
 +
 
 +
IMPORTANT WARNING: IS STRONGLY RECOMMENDED TO CREATE A BACKUP MAILBOX TO STORE ALL THE EMAIL (TO BE FORWARDED FROM MAIN MAILBOX) BECAUSE PRIVACY-NOW® WILL DELETE THEM DURING PARSING PROCESS.
 +
 
 +
{| class="wikitable"
 +
! Field !! Description
 
|-
 
|-
|Tracking ||<u>Ticket Type</u>||Identify the process the information refer to. In our case "Settings"
+
|<u>Host</u>|| This field shall be filled with the mailbox server address.
 
|-
 
|-
|Tracking ||<u>Ticket Op Status</u>||Each process on the system is based on a workflow. This field report current status value.
+
|<u>Port</u>|| This field shall be filled with the mailbox server port.
 
|-
 
|-
|Tracking ||<u>Subscription Id </u>|| Unique identfier of subscription. This vaule will be used also by renewal process.
+
|<u>Username</u>|| This field shall be filled with the mailbox login.
 
|-
 
|-
|Settings||<u>Consent Matching Mail </u>|| This field contains the emails values read by the ''Consent process'' to load automatically the ''consent'' ticket
+
|<u>Password</u>|| This field shall be filled with the mailbox password.
 +
|-
 +
|<u>Email</u>|| This field shall be filled with the email.
 +
|-
 +
|<u>Protocol</u>|| This field shall be filled with the mailbox server protocol (available: "POP3", "IMAP", "POP3S", "IMAPS").
 +
|-
 +
|<u>Status</u>|| This field contains values: "Active", "Inactive". When it will be saved in "Active": Privacy-Now® will start to download and elaborate all the email.
 +
|}
 +
 
 +
=== Group Settings ===
 +
Privacy-Now® has several profiles for ''user'' privileges. The profiles determines what ''users'' can do while executing processes (e.g. ''access requests'', ''consents'', etc.). ''Users'' can be assigned to ''groups'' and ''groups'' can be finally assigned to profiles in each record (e.g. ''access request'', ''consent'' etc.).
 +
 
 +
The fields <u>DPO Profile</u>, <u>DP Profile</u>, <u>DC Profile</u>, <u>Auditors Team Profile</u> and <u>Working Team Profile</u> allow to define which ''groups'' the ''user'' will be able to see and select in each process.
 +
 
 +
The fields <u>DPO Default</u>, <u>DP Default</u>, <u>DC Default</u>, <u>Auditors Team Default</u> and <u>Working Team Default</u> allow to define the default ''groups'' which will be set everytime a new record is created.
 +
 
 +
The above fields, shall be defined for each process/workflow, e.g. ''access requests'', ''actions'', ''audits'' management, etc.
 +
 
 +
In order to update the fields for a process, perform the following steps:
 +
 
 +
*Choose the process by setting the <u>GDPR Process</u> field
 +
*Load the set values for all the field by using the '''LOAD''' command
 +
*Set the values for the fields
 +
*Save the settings by using the '''SAVE''' command at the bottom of the form.
 +
 
 +
Repeat the above steps for all the processes you need to configure.
 +
 
 +
=== Notification Settings ===
 +
The table below report the settings fields available and a short description of their meaning:
 +
 
 +
{| class="wikitable"
 +
! Field !! Description
 
|-
 
|-
|Settings||<u>Consent Matching Mail</u> || This field contains the emails values read by the ''Consent process'' to load automatically the ''consent'' ticket
+
|<u>Consents Warnings Recipients</u> || This field contains the emails addresses notified when ''consents'' warnings are triggered.
 +
Is possible to select one or more ''group'' using field <u>Send Consent Warnings to Groups</u>: in this case all the members of selected ''groups(s)'' will be notified when ''consents'' warnings are triggered.
 
|-
 
|-
|Settings||<u>Consent Subject Matching criteria</u> || Used by the ''Consent process'', the ''User'' can select from two possible value: "Mail","Username". This information is used to identify the ''User'' the consent information belongs to comparing the "Mail" or the "Username" stored in Privacy-Now ® with the value present into the ''Consent'' mail.
+
|<u>Data Breach Warnings Recipients</u> || This field contains the emails addresses notified when ''data breach'' warnings are triggered.
 +
Is possible to select one or more ''group'' using field <u>Send Data Breach Warnings to Groups</u>: in this case all the members of selected ''groups(s)'' will be notified when ''data breach''  warnings are triggered.
 +
 
 +
Is possible to select the ''owner'' of record as email address notified by click on option ''Send Data Breach Warnings to Owner''.
 
|-
 
|-
|Settings||<u>Delete Ticket</u> || The ''Administrator'' can cancel physically a ticket from database inserting a ticket number and selecting the command <b> DELETE TICKET</b>
+
|<u>Authority Warnings Recipients</u> || This field contains the emails addresses notified when ''data breach'' warnings for authority are triggered.
 +
Is possible to select one or more ''group'' using field <u>Send Data Breach Authority Warnings to Groups</u>: in this case all the members of selected ''groups(s)'' will be notified when ''data breach'' warnings for authority are triggered.
 +
 
 +
Is possible to select the ''owner'' of record as email address notified by click on option ''Send Data Breach Authority Warnings to Owner''.
 
|-
 
|-
|Settings||<u>Group Settings</u> ||This section is quite important. Here the Administrator can model the behavior of each process, addressing there right ''role'', ''group of people'' to the right set of privileges. The table below shows the information reported in each fields:
+
|<u>Access  Warnings Recipients</u> || This field contains the emails addresses notified when ''access request'' warnings are triggered.
{| class="wikitable"
+
Is possible to select one or more ''group'' using field <u>Send Access Request Warnings to Groups</u>: in this case all the members of selected ''groups(s)'' will be notified when ''access request'' warnings are triggered.
! Field !! Description
 
|-
 
|<u>Process</u>  || This selection enable the Administrator to select a specific process or Default. Default refer to Company level of setting. Click on the yellow folder to select one item from the list.
 
|-
 
|<u>Load</u>  || This button ''load'' the existing information and load it on the ticket
 
|-
 
|<u>DPO Default </u> || This selection enable the ''Administrator'' to select which group will act as ''[[glossary|Data Protection Officer]]'' by default for the selected process or at company level
 
|-
 
|<u>DP Default</u>  || This selection enable the ''Administrator'' to select which group will act as '[[glossary|Data Processor]]'' by default for the selected process or at company level
 
|-
 
|<u>DC Default</u>  || This selection enable the ''Administrator'' to select which group will act as '[[glossary|Data Controller]]'' by default for the selected process or at company level
 
|-
 
|<u>AUD Default</u>  || This selection enable the ''Administrator'' to select which group will act as '[[glossary|Auditor]]'' by default for the selected process or at company level
 
|-
 
|<u>DPO View</u>  || This selection enable the ''Administrator'' to select which groups can be added to the default and act as ''[[glossary|Data Protection Officer]]'' for the selected process or at company level.
 
|-
 
|<u>DP View</u> || This selection enable the ''Administrator'' to select which groups can be added to the default and act as ''[[glossary|Data Processor]]'' for the selected process or at company level.
 
|-
 
|<u>DC View </u> || This selection enable the ''Administrator'' to select which groups can be added to the default and act as ''[[glossary|Data Controller]]'' for the selected process or at company level.
 
|-
 
|<u>AUD View</u>  || This selection enable the ''Administrator'' to select which groups can be added to the default and act as ''[[glossary|Auditor]]'' for the selected process or at company level.
 
|}
 
  
 +
Is possible to select the ''owner'' of record as email address notified by click on option ''Send Access Request Warnings to Owner''.
 +
|}
 +
 +
=== Utility ===
 +
In this sections, special functionalities are grouped.
 +
 +
==== Delete Record ====
 +
From records management (e.g. ''access requests'', ''consents'') physical deletion is not possible. In other words, records can always be moved to one or more end of life status(es) where no changes are possible. however, normal ''users'' cannot physically delete records. This can be done instead by ''users'' with administrative privileges with this tool.
 +
 +
To delete a record, simply enter the record code to be deleted in <u>Record Code to Delete</u> and launch the '''Delete Record''' command.
 +
 +
IMPORTANT WARNING: IT WILL NOT BE POSSIBLE TO RESTORE THE RECORD CONTENT AFTER DELETION.
 +
 +
=== License Details ===
 +
This section allows to view the details of the license active for the current Privacy-Now® environment.
 +
 +
{| class="wikitable"
 +
! Field !! Description
 
|-
 
|-
|License Details||<u>License package</u>|| Type of license subscribed. This information is automatically update by the license process renewal.
+
|<u>License Package</u>|| This field shows the type of subscription active.
 
|-
 
|-
|License Details||<u>Licensed User</u>|| Total Number of active ''User'' bought. This information is automatically update by the license process renewal.
+
|<u>Licensed User</u>|| This field shows the number of activated ''users'' (those in status "Active").
 
|-
 
|-
|License Details||<u>Licensed Access Requests</u>|| Monthly Number of ''Access Requests'' bought. This information is automatically update by the license process renewal.
+
|<u>Licensed Access Requests</u>|| Monthly number of ''access requests'' that it is possible to open. This numbers is depending on the type of subscription.
 
|-
 
|-
|License Details||<u>Licensed Consents</u>|| Monthly Number of ''Consents'' bought. This information is automatically update by the license process renewal.
+
|<u>Licensed Consents</u>|| Monthly number of ''consents'' that it is possible to open. This numbers is depending on the type of subscription.
 
|-
 
|-
|License Details||<u>Check License</u>|| Button that enable the ''Administrator'' to perform a self-checking of license compliance.  
+
|'''Check License'''|| This commands launches a system check that refreshes the values of <u>Active Users</u>, <u>Monthly Access Requests</u> and <u>Monthly Consents</u> fields.
 
|-
 
|-
|License Details||<u>Active Users</u>|| Number of Active User calculated by <b>Check License</b> function
+
|<u>Active Users</u>|| Number of "users" currently activated (in status "active").
 
|-
 
|-
|License Details||<u>Monthly Access Requests</u>|| Number of ''Access Requests'' calculated by <b>Check License</b> function
+
|<u>Monthly Access Requests</u>|| Number of ''access requests'' opened in the current month.
 
|-
 
|-
|License Details||<u>Monthly Consents</u>|| Number of ''Consents'' calculated by <b>Check License</b> function
+
|<u>Monthly Consents</u>|| Number of ''consents'' opened in the current month.
 
|-
 
|-
|Purchase History||<u>Purchase Event</u>|| This information is automatically update by the Initialization process first and by license process renewal after.
+
|<u>Initial Activation Date</u>|| The date when the Privacy-Now® service was initially activated.
 +
|-
 +
|<u>Expected End Date</u>|| The date when the Privacy-Now® service will terminate. Access wont' be possible after this date. The environment and all data will be fully erased 30 days after this date.
 +
|-
 +
|}
  
|}
+
=== Purchase History ===
 +
In this section, the history of the purchase transaction is reported for control aims.
 +
Every transaction is added after the last before.

Latest revision as of 16:27, 31 October 2019

Introduction

This part of the guide covers some fundamental settings which are needed to work with Privacy Now®:

  • Master data
  • Application settings

Master data

Master data tables contain the sources data of the fields using single or multi choice options.

Master data tables are preloaded with initial values when the environment is initially created. These values can be later changed by users with the Admin field set to "Yes".

Editing of master data table can be done from the left menu Settings/Data Sets or directing from the records using the fields based on the master data (in both cases if the user has the required privileges).

The table below lists the master data tables and provides a short description of their content.

Access menu Description
Settings/Data Sets/Access Requests/Access Requests Types The types of access requests, e.g. "Personal data deletion".
Settings/Data Sets/Access Requests/Communication Channels The communication channels used to acquire the access request, e.g. "email".
Settings/Data Sets/Access Requests/Results Notification Methods The communication channels to be used to communicate the results of an access request, e.g. "email".
Settings/Data Sets/Access Requests/Data Subject Types The type of subject requesting the access request, e.g. "employee".
Settings/Data Sets/Access Requests/Relationships to Data Subjects The type of relationship between the access request requester and the data subject representative, if any, for example "family relationship".
Settings/Data Sets/Access Request/Access Request Warning Schedule This data set enable the user to set the plan the sent of warning mail.
Settings/Data Sets/Actions/Action Type The type of action, for example "corrective".
Settings/Data Sets/Consents/Consent Types The type of the consent, for example the consent to send a newsletter. This table is very likely to be updated.
Settings/Data Sets/Consents/Consent Sources The source of consent. Could be a website name or the name of the company.
Settings/Data Sets/Consents/Consent Subjects The subject giving the consent, typically a person.
Settings/Data Sets/Consents/Consent Matching Mail The email address of the recipient where the consent is sent.
Settings/Data Sets/Data Breaches/Affected Personal Data Categories The categories of subjects whose personal data are treated during the data breach, for example "employees master data".
Settings/Data Sets/Data Breaches/Data Breach Warning Schedule This data set enable the user to set the plan the sent of warning mail.
Settings/Data Sets/Data Breaches/Authority Warning Schedule This data set enable the user to set the plan the sent of warning mail to the Authority.
Settings/Data Sets/Data Breaches/Type of Breaches Identify the type of Breaches , for example "Security Breach".
Settings/Data Sets/Issues / Non Conformities/Issue Types The type of issue, i.e. an "issue" or a "non conformity". These values are unlikely to be modified.
Settings/Data Sets/Privacy Impact Assessments/PIA Reference Period Th timeframe to which the privacy impact assessment refers to, for example "2018 Q4".
Settings/Data Sets/Processing Activities/Access Applications The applications which may be used to access personal data, for example "web browsers".
Settings/Data Sets/Processing Activities/Access Connections The connections which may be used when accessing personal data, for example "internet".
Settings/Data Sets/Processing Activities/Access Devices The devices which may be used when accessing personal data, for example "personal computer".
Settings/Data Sets/Processing Activities/Applicable Regulations The regulation applicable to the processing activity.
Settings/Data Sets/Processing Activities/Concerned Business Processes Processes concerned by this processing activity.
Settings/Data Sets/Processing Activities/Data Locations The locations where the personal data can be stored during their processing, for example "New York data centre".
Settings/Data Sets/Processing Activities/Data Processing Purposes The purposes of data processing, for example "marketing activities".
Settings/Data Sets/Processing Activities/Data Repositories The type of data repositories where personal data are stored during the processing activities, for example a specific SQL database server.
Settings/Data Sets/Processing Activities/Data Subjects The types of data subjects whose personal data are treated during the processing activities or declared in Data Breach, for example "clients".
Settings/Data Sets/Processing Activities/Data Types The types of data, e.g. identification or judicial data, which are processed during the processing activities.
Settings/Data Sets/Processing Activities/Extra EU Measures The types of measures in place to mitigate the risks of extra EU processing activities, e.g. a "code of conduct".
Settings/Data Sets/Processing Activities/Lawful Basis for Processing The lawful basis on which the processing of personal data is authorized, e.g. "legal obligations".
Settings/Data Sets/Processing Activities/Processing Activities The types of processing activities performed during the processing of personal data, e.g. collection, adaptation, etc.
Settings/Data Sets/Processing Activities/Provision Agreements The type of provision agreement with the suppliers of data repository tools, access applications, access devices, connectivity, for example a "software as a service" agreement.
Settings/Data Sets/Processing Activities/Retention Periods The possible retention periods for the personal data which is processed, for example 10 years.
Settings/Data Sets/Processing Activities/Special Data Categoris The special data treated by a Processing Activity
Settings/Data Sets/Processing Activities/Suppliers The suppliers of data repository tools, access applications, access devises or connectivity.
Settings/Data Sets/Risks/Control Lists The list of control to implement and to take in account during the risks analysis.
Settings/Data Sets/Risks/Risk Sources List Person or non-human source that can cause a risk.
Settings/Data Sets/Risks/Threats List List of possible threats.
Settings/Data Sets/Risks/Vulnerability List List of vulnerability that threats can exploit.

Application settings

This section concerns the preferences and settings which can be defined at application level for Privacy-Now®. These settings are accessible from Settings/Application Settings.

Application settings are accessible only by users with administration privileges (see below how to set them). The first user created when Privacy-Now® environment is created is set with administration privileges.

Settings/Application Settings link open the Setting of Privacy Now® service.

Settings are organized in six sections:

  • Tracking
  • Consents Settings
  • Group Settings
  • Notification Settings
  • Utility
  • License Details
  • Purchase History

Tracking

These setting enable the User to identify the service name and the Subscription id they have subscribed and the current status of the service.

Here is possible to upload a new logo for Privacy Now® service, by use BROWSE command.

Consents Settings

These settings refer to consents management process. See the consents guide for more information on the process.

The table below report the settings fields available and a short description of their meaning:

Field Description
Data Subject Matching criteria This field allow to define the criteria to match an incoming consent sent by mail with the existing consents in Privacy-Now®. After trying to match if the consent subject is found, the existing consent record is updated. If the consent subject is not found, a new consent record is created. This field may have one of the following two values: "Mail" (consent subject is matched using the email address), "Username" (consent subject is matched using the user name identifier, for example the login used by the consent subject to access a website).
Consents Matching Mail Consents can be acquired from emails. With this field it is possible to define the recipients of the emails which will be checked to process the consents. Emails in the inbox with other recipients will be ignored.

Consents Source Details

This section allows to configure the mailbox to import consents in current Privacy-Now® environment.

The front-end web site shall be able to gather consents and send them to this mailbox as a structured email (see the paragraph dedicated to Consent Mail Structure and Procedure).

Each correctly parsed email will generate one or more consents in current Privacy-Now® environment.

IMPORTANT WARNING: IS STRONGLY RECOMMENDED TO CREATE A BACKUP MAILBOX TO STORE ALL THE EMAIL (TO BE FORWARDED FROM MAIN MAILBOX) BECAUSE PRIVACY-NOW® WILL DELETE THEM DURING PARSING PROCESS.

Field Description
Host This field shall be filled with the mailbox server address.
Port This field shall be filled with the mailbox server port.
Username This field shall be filled with the mailbox login.
Password This field shall be filled with the mailbox password.
Email This field shall be filled with the email.
Protocol This field shall be filled with the mailbox server protocol (available: "POP3", "IMAP", "POP3S", "IMAPS").
Status This field contains values: "Active", "Inactive". When it will be saved in "Active": Privacy-Now® will start to download and elaborate all the email.

Group Settings

Privacy-Now® has several profiles for user privileges. The profiles determines what users can do while executing processes (e.g. access requests, consents, etc.). Users can be assigned to groups and groups can be finally assigned to profiles in each record (e.g. access request, consent etc.).

The fields DPO Profile, DP Profile, DC Profile, Auditors Team Profile and Working Team Profile allow to define which groups the user will be able to see and select in each process.

The fields DPO Default, DP Default, DC Default, Auditors Team Default and Working Team Default allow to define the default groups which will be set everytime a new record is created.

The above fields, shall be defined for each process/workflow, e.g. access requests, actions, audits management, etc.

In order to update the fields for a process, perform the following steps:

  • Choose the process by setting the GDPR Process field
  • Load the set values for all the field by using the LOAD command
  • Set the values for the fields
  • Save the settings by using the SAVE command at the bottom of the form.

Repeat the above steps for all the processes you need to configure.

Notification Settings

The table below report the settings fields available and a short description of their meaning:

Field Description
Consents Warnings Recipients This field contains the emails addresses notified when consents warnings are triggered.

Is possible to select one or more group using field Send Consent Warnings to Groups: in this case all the members of selected groups(s) will be notified when consents warnings are triggered.

Data Breach Warnings Recipients This field contains the emails addresses notified when data breach warnings are triggered.

Is possible to select one or more group using field Send Data Breach Warnings to Groups: in this case all the members of selected groups(s) will be notified when data breach warnings are triggered.

Is possible to select the owner of record as email address notified by click on option Send Data Breach Warnings to Owner.

Authority Warnings Recipients This field contains the emails addresses notified when data breach warnings for authority are triggered.

Is possible to select one or more group using field Send Data Breach Authority Warnings to Groups: in this case all the members of selected groups(s) will be notified when data breach warnings for authority are triggered.

Is possible to select the owner of record as email address notified by click on option Send Data Breach Authority Warnings to Owner.

Access Warnings Recipients This field contains the emails addresses notified when access request warnings are triggered.

Is possible to select one or more group using field Send Access Request Warnings to Groups: in this case all the members of selected groups(s) will be notified when access request warnings are triggered.

Is possible to select the owner of record as email address notified by click on option Send Access Request Warnings to Owner.

Utility

In this sections, special functionalities are grouped.

Delete Record

From records management (e.g. access requests, consents) physical deletion is not possible. In other words, records can always be moved to one or more end of life status(es) where no changes are possible. however, normal users cannot physically delete records. This can be done instead by users with administrative privileges with this tool.

To delete a record, simply enter the record code to be deleted in Record Code to Delete and launch the Delete Record command.

IMPORTANT WARNING: IT WILL NOT BE POSSIBLE TO RESTORE THE RECORD CONTENT AFTER DELETION.

License Details

This section allows to view the details of the license active for the current Privacy-Now® environment.

Field Description
License Package This field shows the type of subscription active.
Licensed User This field shows the number of activated users (those in status "Active").
Licensed Access Requests Monthly number of access requests that it is possible to open. This numbers is depending on the type of subscription.
Licensed Consents Monthly number of consents that it is possible to open. This numbers is depending on the type of subscription.
Check License This commands launches a system check that refreshes the values of Active Users, Monthly Access Requests and Monthly Consents fields.
Active Users Number of "users" currently activated (in status "active").
Monthly Access Requests Number of access requests opened in the current month.
Monthly Consents Number of consents opened in the current month.
Initial Activation Date The date when the Privacy-Now® service was initially activated.
Expected End Date The date when the Privacy-Now® service will terminate. Access wont' be possible after this date. The environment and all data will be fully erased 30 days after this date.

Purchase History

In this section, the history of the purchase transaction is reported for control aims. Every transaction is added after the last before.

Retrieved from "http://wiki.privacy-now.eu/en/index.php?title=Settings&oldid=791"