Difference between revisions of "Settings"
(→Group Settings) |
|||
| Line 116: | Line 116: | ||
The above fields, shall be defined for each process/workflow, e.g. ''access requests'', ''actions'', ''audits'' management, etc. | The above fields, shall be defined for each process/workflow, e.g. ''access requests'', ''actions'', ''audits'' management, etc. | ||
| + | In order to update the fields for a process, perform the following steps: | ||
| + | 1. Choose the process by setting the <u>Process</u> field | ||
| + | 2. Load the set values for all the field by using the '''LOAD''' command | ||
| + | 3. Set the values for the fields | ||
| + | 4. Save the settings by using the '''SAVE''' command at the bottom of the form. | ||
| + | |||
| + | Repeat the above steps for all the processes you need to configure. | ||
=== License Details === | === License Details === | ||
Revision as of 14:30, 21 September 2018
Contents
Introduction
This part of the guide covers some fundamental settings which are needed to work with Privacy Now®:
- Master data
- Application settings
Master data
Master data tables contain the sources data of the fields using single or multi choice options.
Master data tables are preloaded with initial values when the environment is initially created. These values can be later changed by users with the Admin field set to "True".
Editing of master data table can be done from the left menu Settings/Data Sets or directing from the records using the fields based on the master data (in both cases if the user has the required privileges).
The table below lists the master data tables and provides a short description of their content.
| Access menu | Description |
|---|---|
| Settings/Data Sets/Access Requests/Access Requests Types | The types of access requests, e.g. "Personal data deletion. |
| Settings/Data Sets/Access Requests/Communication Channels | The communication channels used to acquire the access request, e.g. "email". |
| Settings/Data Sets/Access Requests/Results Notification Methods | The communication channels to be used to communicate the results of an access request, e.g. "email". |
| Settings/Data Sets/Access Requests/Data Subject Types | The type of subject requesting the access request, e.g. "employee". |
| Settings/Data Sets/Access Requests/Relationships to Data Subjects | The type of relationship between the access request requester and the data subject representative, if any, for example "family relationship". |
| Settings/Data Sets/Actions/Action Type | The type of action, for example "corrective". |
| Settings/Data Sets/Consents/Consent Categories | The category of the consent, for example the consent to send a newsletter. This table is very likely to be updated. |
| Settings/Data Sets/Consents/Consent Sources | The source where the consent is given or denied, for example a "contract". |
| Settings/Data Sets/Consents/Consent Subjects | The subject giving the consent, typically a person. |
| Settings/Data Sets/Consents/Consent Matching Mail | The email address of the recipient where the consent is sent. |
| Settings/Data Sets/Issues / Non Conformities/Issue Types | The type of issue, i.e. an "issue" or a "non conformity". These values are unlikely to be modified. |
| Settings/Data Sets/Privacy Impact Assessments/PIA Reference Period | Th timeframe to which the privacy impact assessment refers to, for example "2018 Q4". |
| Settings/Data Sets/Processing Activities/Access Applications | The applications which may be used to access personal data, for example "web browsers". |
| Settings/Data Sets/Processing Activities/Access Connections | The connections which may be used when accessing personal data, for example "internet". |
| Settings/Data Sets/Processing Activities/Access Devices | The devices which may be used when accessing personal data, for example "personal computer". |
| Settings/Data Sets/Processing Activities/Affected Personal Data Categories | The categories of subjects whose personal data are treated during the processing activities, for example "employees master data". |
| Settings/Data Sets/Processing Activities/Data Locations | The locations where the personal data can be stored during their processing, for example "New York data centre". |
| Settings/Data Sets/Processing Activities/Data Processing Purposes | The purposes of data processing, for example "marketing activities". |
| Settings/Data Sets/Processing Activities/Data Repositories | The type of data repositories where personal data are stored during the processing activities, for example a specific SQL database server. |
| Settings/Data Sets/Processing Activities/Data Subjects | The types of data subjects whose personal data are treated during the processing activities, for example "clients". |
| Settings/Data Sets/Processing Activities/Data Types | The types of data, e.g. identification or judicial data, which are processed during the processing activities. |
| Settings/Data Sets/Processing Activities/Extra EU Measures | The types of measures in place to mitigate the risks of extra EU processing activities, e.g. a "code of conduct". |
| Settings/Data Sets/Processing Activities/Lawful Basis for Processing | The lawful basis on which the processing of personal data is authorized, e.g. "legal obligations". |
| Settings/Data Sets/Processing Activities/Processing Activities | The types of processing activities performed during the processing of personal data, e.g. collection, adaptation, etc. |
| Settings/Data Sets/Processing Activities/Provision Agreements | The type of provision agreement with the suppliers of data repository tools, access applications, access devices, connectivity, for example a "software as a service" agreement. |
| Settings/Data Sets/Processing Activities/Retention Periods | The possible retention periods for the personal data which is processed, for example 10 years. |
| Settings/Data Sets/Processing Activities/Suppliers | The suppliers of data repository tools, access applications, access devises or connectivity. |
| Settings/Data Sets/ Processor / Controller Entities | The details of the controller entities involved in processing activities. |
| Settings/Data Sets/ Processor / Processor Entities | The details of the processor entities involved in processing activities. |
Application settings
This section concerns the preferences and settings which can be defined at application level for Privacy-Now®. These settings are accessible from Settings/Application Settings.
Application settings are accessible only by users with administration privileges (see below how to set them). The first user created when Privacy-Now® environment is created is set with administration privileges.
Settings/Application Settings link open the SettingTicket.
Settings are organized in five sections:
- Consents Settings
- Group Settings
- License Details
- Tools
- Purchase History
Consents Settings
These settings refer to consents management process. See the consents guide for more information on the process.
The table below report the settings fields available and a short description of their meaning:
| Field | Description |
|---|---|
| Consents Matching Mails | Consents can be acquired from emails. With this field it is possible to define the recipients of the emails which will be checked to process the consents. Emails in the inbox with other recipients will be ignored. |
| Consents Warnings Recipients | This field contains the emails addresses notified when consents warnings are triggered. |
| Consents Subjects Matching criteria | This field allow to define the criteria to match an incoming consent sent by mail with the existing consents in Privacy-Now®. After trying to match if the consent subject is found the existing consent record is updated. If the consent subject is not found, a new consent record is created. This field may have one of the following two values: "Mail" (consent subject is matched using the email address), "Username" (consent subject is matched using the user name identifier, for example the login used by the consent subject to access a website). |
Group Settings
Privacy-Now® has several profiles for user privileges. The profiles determines what users can do while executing processes (e.g. access requests, consents, etc.). Users can be assigned to groups and groups can be finally assigned to profiles in each record (e.g. access request, consent etc.).
The fields DPO> Profile, DP Profile, DC Profile, Audit Team Profile and Working Team Profile allow to define which "groups" the user will be able to see and select in each process.
The fields DPO> Default, DP Default, DC Default, Audit Team Default and Working Team Default allow to define the default "groups" which will be set everytime a new record is created.
The above fields, shall be defined for each process/workflow, e.g. access requests, actions, audits management, etc.
In order to update the fields for a process, perform the following steps:
1. Choose the process by setting the Process field 2. Load the set values for all the field by using the LOAD command 3. Set the values for the fields 4. Save the settings by using the SAVE command at the bottom of the form.
Repeat the above steps for all the processes you need to configure.
License Details
Tools
Purchase History
| Field | Description | Settings | Group Settings | This section is quite important. Here the Administrator can model the behavior of each process, addressing there right role, group of people to the right set of privileges. The table below shows the information reported in each fields:
| |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| License Details | License package | Type of license subscribed. This information is automatically update by the license process renewal. | |||||||||||||||||||||||||||
| License Details | Licensed User | Total Number of active User bought. This information is automatically update by the license process renewal. | |||||||||||||||||||||||||||
| License Details | Licensed Access Requests | Monthly Number of Access Requests bought. This information is automatically update by the license process renewal. | |||||||||||||||||||||||||||
| License Details | Licensed Consents | Monthly Number of Consents bought. This information is automatically update by the license process renewal. | |||||||||||||||||||||||||||
| License Details | Check License | Button that enable the Administrator to perform a self-checking of license compliance. | |||||||||||||||||||||||||||
| License Details | Active Users | Number of Active User calculated by Check License function | |||||||||||||||||||||||||||
| License Details | Monthly Access Requests | Number of Access Requests calculated by Check License function | |||||||||||||||||||||||||||
| License Details | Monthly Consents | Number of Consents calculated by Check License function | |||||||||||||||||||||||||||
| Purchase History | Purchase Event | This information is automatically update by the Initialization process first and by license process renewal after. |
In order to understand some Process Level setting gain on Company level if defined. The process defined and describe in wiki are:
