Difference between revisions of "Consents"
(→Bulk operations on consent records) |
|||
| Line 125: | Line 125: | ||
Each mail shall contain one or more ''consent''. Each ''consent'' is manageable only if 3 parameters are present and valorized: <u>Consent_'''[consent name]'''</u> , <u>Value_'''[consent name]'''</u> and <u>Date_Time_'''[consent name]'''</u>. | Each mail shall contain one or more ''consent''. Each ''consent'' is manageable only if 3 parameters are present and valorized: <u>Consent_'''[consent name]'''</u> , <u>Value_'''[consent name]'''</u> and <u>Date_Time_'''[consent name]'''</u>. | ||
| − | Each ''consent'' present in mail will create a new | + | Each ''consent'' present in mail will create a new record or update an existing record in Privacy-Now®. The existence of a consent is matched on <u>Consent_'''[consent name]'''</u>, <u>Scope</u> and the option selected in <u>Data Subject Matching criteria</u>. |
{| class="wikitable" | {| class="wikitable" | ||
Revision as of 13:30, 18 February 2019
Contents
Introduction to Consents
Consents management provide the mean to acquire, update and use consents information. For example, it is possible to use Privacy Now® as a central repository of information about all the consents. Information about consents can be created and updated manually or interfacing Privacy Now® with external system. See the paragraph Consents Source Details for more information.
Workflow
A new consent can be created using the Add New functionality and choosing "New Consent". Alternatively, a new consent can be automatically acquired or updated by an external system.
A workflow enables to move consents in several statuses as shown in the following picture.
The following table explains the meaning of each status:
| Status | Description |
|---|---|
| Default | A temporary status when the consent is initially created before the first save. |
| Valid | A consent in this status is valid and its information can be used accordingly. |
| Wrong email | This status is set manually or automatically. It can be set automatically by bulk import from xlsx. |
| Expired | In this status a consent is expired and therefore should be removed. |
| To be Removed | In this status, the consent shall be removed (the status is used to identify consents by the automatic removal procedure). |
Information
Consent records are organized in three sections:
- Identification, where identification data of the consent are recorded,
- Ownership & Organization, containing the assignment of the key roles enabled to manage the consent;
- Consent Details, with the details of the consent;
It's possible to select only one consent type and one consent subject for each consent record. When the consent type is selected/updated the following fields could be automatically updated too (check details in table below).
| Field | Description |
|---|---|
| Consent Expires | At record insert/update: the value of this field will be set to "Yes" if selected consent type Duration (days) is > 0, otherwise "No". |
| Consent Last Update | At record insert/update: The value of this field will be set to current date and time. |
| First Consent Warning | This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in First Warning (days). |
| Second Consent Warning | This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Second Warning (days). |
| Final Consent Warning | This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Third Warning (days). |
| Retention Deadline | This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Retention Period (days). |
Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.
Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See How To for more information.
Privileges
A consent can be automatically created by authorized external systems or by the users to whom the corresponding privilege is granted (see Users & Groups for more information on how to set this privilege).
The lifecycle of the consent is managed by the roles described in the table below. groups are pre assigned to the roles according to the settings (see Settings for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled groups (see once again Settings for more information on how to enable groups).
| Role | Description |
|---|---|
| DPO Group | Members of the group assigned to this role have full privileges. They can:
|
| Data Controller Group | Members of the group assigned to this role have view (read) privileges. |
| Data Processor Group | Members of the group assigned to this role have several privileges. They can:
|
| Auditors Team | Members of the group assigned to this role have view (read) privileges. |
However, some steps may be performed automatically (see the paragraph dedicated to warning and alerts).
Warning and alerts
Each consent will be set as an expiring consent or not depending from the property Duration (days) of selected consent type:
- Duration (days) = 0: in this case the current consent will never expire and no warning will be raised.
- Duration (days) > 0: in this case the current consent will expire and will be possible to configure four levels of warning.
| Field | Description |
|---|---|
| Code | The value of this field shall be an integer and shall be univocal. It is the matching code used by Privacy Now® to automatically acquire consent from external system. |
| Consent Type | The value of this field shall be univocal. It is the name of consent type (i.e.: "Newsletter"). |
| Description | Description of consent type. |
| Duration (days) | The value of this field shall be an integer >= 0. It is used by Privacy Now® mainly to set current consent record as expiring consent or not. |
| First Warning (days) | The value of this field shall be an integer >= 0. It will be used to evaluate the first warning threshold in case current consent is an expiring one. |
| Second Warning (days) | The value of this field shall be an integer >= 0. It will be used to evaluate the second warning threshold in case current consent is an expiring one. |
| Third Warning (days) | The value of this field shall be an integer >= 0. It will be used to evaluate the third warning threshold in case current consent is an expiring one. |
| Retention Period (days) | The value of this field shall be an integer >= 0. It will be used to evaluate the last warning threshold in case current consent is an expiring one. |
| Web Site URL | The value of this field will be the URL of front-end web site area to allow the data subject management of their consent (renew or revoke). It will be used in warning email sent by Privacy Now® to data subject in case the below option Send Warning to Data Subject is selected. |
| Send Warning to Data Subject | This field shall be set to "true" if consent record for selected consent type shall cause warning sending to data subject too, otherwise the warning will be sent only to receivers set into Settings\Application Settings (see the paragraph dedicated to Consents Warnings Recipients ). |
Reports
The list of consents can be filtered and exported to excel format from the view Consents.
Consents Import
Privacy-Now® allows to acquire consents from external source (using structured email or xlsx file).
Consent Mail Structure and Procedure
Privacy-Now® can be connected to a mailbox to acquire consents (see the paragraph dedicated to Consents Scope Details).
A consent email shall contain the following parameters (one for each row): some of them are mandatory, while some other optional (check the detailed description of each one). The email format shall be plain text (HTML email will not be processed correctly) and shall not contain any signature.
Each mail shall contain one or more consent. Each consent is manageable only if 3 parameters are present and valorized: Consent_[consent name] , Value_[consent name] and Date_Time_[consent name].
Each consent present in mail will create a new record or update an existing record in Privacy-Now®. The existence of a consent is matched on Consent_[consent name], Scope and the option selected in Data Subject Matching criteria.
| Field | Description |
|---|---|
| Source | The value of this parameter is mandatory and shall be filled with the consent scope(ie: could be the company name or business unit name or web site name). The value of this parameter shall match with the value(s) inserted in Settings/Data Sets/Consents/Consent Scopes. |
| Name | The value of this parameter is mandatory. The first name of data subject. |
| Surname | The family name of data subject. |
| The email of data subject. | |
| City | The town of data subject. |
| Province_State | The province or state of data subject. |
| Country | The country of data subject. |
| Phone | The phone number of data subject. |
| User_id | The univocal id (integer) of the user corresponding to data subject in consent scope(ie: id of user in web site). |
| Username | The univocal login of the user corresponding to data subject in consent scope(ie: login of user in web site). |
| IP_address | The ip address used by data subject during web site browsing. |
| Lang | The main language of data subject. Possible values: "en-GB", "it-IT" and "fr-FR". |
| Consent_[consent name] | [consent name] shall be replaced by the name of consent (ie: consent_newsletter). At least one Consent_[consent name] shall exist in the email. The value of this parameter shall be a univocal code corresponding to one of the Code inserted in Settings/Data Sets/Consents/Consent Types. |
| Value_[consent name] | [consent name] shall be replaced by the name of consent (ie: consent_newsletter). For each of the Consent_[consent name] defined in the email shall be present a corresponding Value_[consent name] (ie: Value_Newsletter). The value of this parameter shall be "1" (consent given) or "0" (consent denied). |
| Date_Time_[consent name] | [consent name] shall be replaced by the name of consent (ie: consent_newsletter). For each of the Consent_[consent name] defined in the email shall be present a corresponding Date_Time_[consent name] (ie: Date_Time_Newsletter). The value of this parameter shall be the date and time of consent management in web site. It shall be in format dd-mm-yyyy hh:mm:ss . |
Example of a well structured email:
Source:myCompanyName Name:Jhon Surname:Smith Email:jhon.smith@mymail.com City:myTown Province_State:myProvince Country:myCountry Phone:002235468 User_id:12345 Username:jsmith IP_address:192.168.1.27 Lang:en-GB Consent_A:1 Value_A:0 Date_Time_A:12-10-2018 10:14:50 Consent_B:2 Value_B:0 Date_Time_B:12-10-2018 10:14:50 Consent_Newsletter:3 Value_Newsletter:1 Date_Time_Newsletter:12-10-2018 10:14:50
Bulk operations on consent records
Privacy Now® allows the bulk management of consent from Consents\Manage Consents from xlsx.
Use below template to perform following bulk operations:
File:Consent Import Template.xlsx
The operations allowed are:
- "insert": Insert/Update of consents
The data in current xlsx row will be updated on an existing consent if system match it univocally by consent type code, data subject email and scope, otherwise a new consent will be created. If data subject is not found: it will be created.
- "remove": Removal of consents
The consent matched by consent type code, data subject email and scope will be removed.
- "wrongemail": Move consents in status "Wrong Email"
The consent matched by consent type code, data subject email and scope will be moved in "Wrong Email" status. Only consent in "Valid" status can be moved in "Wrong Email" status.
The details of expected xlsx structure is explained in following table: for each operations is detailed which are the mandatory data.
| Field | Description | Insert/Update | Remove | Move to "Wrong Email" |
|---|---|---|---|---|
| Id | Univocal Id of Data Subject in Privacy Now®. | Optional | Optional | Optional |
| Name | Name of Data Subject in acquiring system. | Mandatory | Optional | Optional |
| Surname | Surname of Data Subject in acquiring system. | Mandatory | Optional | Optional |
| Email of Data Subject in acquiring system. | Mandatory | Mandatory | Mandatory | |
| Phone | Phone of Data Subject in acquiring system. | Optional | Optional | Optional |
| City | City of Data Subject in acquiring system. | Optional | Optional | Optional |
| Province/State | Province/State of Data Subject in acquiring system. | Optional | Optional | Optional |
| Country | Country of Data Subject in acquiring system. | Optional | Optional | Optional |
| Username | Login of Data Subject in acquiring system. | Optional | Optional | Optional |
| Consent | Consent Type Code to be granted to imported Data Subject (defined in Privacy Now®). | Mandatory | Mandatory | Mandatory |
| Value | Consent Value given by Data Subject for the imported Consent Type. The value could be "1" (consent granted) or "0" (consent not granted). | Mandatory | Optional | Optional |
| Date | consent date. | Mandatory | Optional | Optional |
| Description | record description. | Optional | Optional | Optional |
| Service | Privacy Now® service used as import target. | Optional | Optional | Optional |
| Lang | Data Subject selected language. | Optional | Optional | Optional |
| uid | Univocal Id of Data Subject in acquiring system. | Optional | Optional | Optional |
| Scope | A key word defining univocally the acquiring system. | Mandatory | Mandatory | Mandatory |
| Operation | This field specify which is the operation expected for current xlsx record: "insert", "remove" or "wrongemail" | Mandatory | Mandatory | Mandatory |
A consent can be removed individually from Application Settings (see the paragraph dedicated to Appication Settings - Utility).
