Settings
Contents
Introduction
This part of the guide covers some fundamental settings which are needed to work with Privacy Now®:
- Master data
- Application settings
Master data
Master data tables contain the sources data of the fields using single or multi choice options.
Master data tables are preloaded with initial values when the environment is initially created. These values can be later changed by users with the Admin field set to "Yes".
Editing of master data table can be done from the left menu Settings/Data Sets or directing from the records using the fields based on the master data (in both cases if the user has the required privileges).
The table below lists the master data tables and provides a short description of their content.
| Access menu | Description |
|---|---|
| Settings/Data Sets/Access Requests/Access Requests Types | The types of access requests, e.g. "Personal data deletion". |
| Settings/Data Sets/Access Requests/Communication Channels | The communication channels used to acquire the access request, e.g. "email". |
| Settings/Data Sets/Access Requests/Results Notification Methods | The communication channels to be used to communicate the results of an access request, e.g. "email". |
| Settings/Data Sets/Access Requests/Data Subject Types | The type of subject requesting the access request, e.g. "employee". |
| Settings/Data Sets/Access Requests/Relationships to Data Subjects | The type of relationship between the access request requester and the data subject representative, if any, for example "family relationship". |
| Settings/Data Sets/Access Request/Access Request Warning Schedule | This data set enable the user to set the plan the sent of warning mail. |
| Settings/Data Sets/Actions/Action Type | The type of action, for example "corrective". |
| Settings/Data Sets/Consents/Consent Categories | The category of the consent, for example the consent to send a newsletter. This table is very likely to be updated. |
| Settings/Data Sets/Consents/Consent Sources | The source where the consent is given or denied, for example a "contract". |
| Settings/Data Sets/Consents/Consent Subjects | The subject giving the consent, typically a person. |
| Settings/Data Sets/Consents/Consent Matching Mail | The email address of the recipient where the consent is sent. |
| Settings/Data Sets/Data Breaches/Affected Personal Data Categories | The categories of subjects whose personal data are treated during the data breach, for example "employees master data". |
| Settings/Data Sets/Data Breaches/Data Breach Warning Schedule | This data set enable the user to set the plan the sent of warning mail. |
| Settings/Data Sets/Data Breaches/Authority Warning Schedule | This data set enable the user to set the plan the sent of warning mail to the Authority. |
| Settings/Data Sets/Data Breaches/Type of Breaches | Identify the type of Breaches , for example "Security Breach". |
| Settings/Data Sets/Issues / Non Conformities/Issue Types | The type of issue, i.e. an "issue" or a "non conformity". These values are unlikely to be modified. |
| Settings/Data Sets/Privacy Impact Assessments/PIA Reference Period | Th timeframe to which the privacy impact assessment refers to, for example "2018 Q4". |
| Settings/Data Sets/Processing Activities/Access Applications | The applications which may be used to access personal data, for example "web browsers". |
| Settings/Data Sets/Processing Activities/Access Connections | The connections which may be used when accessing personal data, for example "internet". |
| Settings/Data Sets/Processing Activities/Access Devices | The devices which may be used when accessing personal data, for example "personal computer". |
| Settings/Data Sets/Processing Activities/Data Locations | The locations where the personal data can be stored during their processing, for example "New York data centre". |
| Settings/Data Sets/Processing Activities/Data Processing Purposes | The purposes of data processing, for example "marketing activities". |
| Settings/Data Sets/Processing Activities/Data Repositories | The type of data repositories where personal data are stored during the processing activities, for example a specific SQL database server. |
| Settings/Data Sets/Processing Activities/Data Subjects | The types of data subjects whose personal data are treated during the processing activities or declared in Data Breach, for example "clients". |
| Settings/Data Sets/Processing Activities/Data Types | The types of data, e.g. identification or judicial data, which are processed during the processing activities. |
| Settings/Data Sets/Processing Activities/Extra EU Measures | The types of measures in place to mitigate the risks of extra EU processing activities, e.g. a "code of conduct". |
| Settings/Data Sets/Processing Activities/Lawful Basis for Processing | The lawful basis on which the processing of personal data is authorized, e.g. "legal obligations". |
| Settings/Data Sets/Processing Activities/Processing Activities | The types of processing activities performed during the processing of personal data, e.g. collection, adaptation, etc. |
| Settings/Data Sets/Processing Activities/Provision Agreements | The type of provision agreement with the suppliers of data repository tools, access applications, access devices, connectivity, for example a "software as a service" agreement. |
| Settings/Data Sets/Processing Activities/Retention Periods | The possible retention periods for the personal data which is processed, for example 10 years. |
| Settings/Data Sets/Processing Activities/Suppliers | The suppliers of data repository tools, access applications, access devises or connectivity. |
| Settings/Data Sets/ Processor / Controller Entities | The details of the controller entities involved in processing activities. |
| Settings/Data Sets/ Processor / Processor Entities | The details of the processor entities involved in processing activities. |
Application settings
This section concerns the preferences and settings which can be defined at application level for Privacy-Now®. These settings are accessible from Settings/Application Settings.
Application settings are accessible only by users with administration privileges (see below how to set them). The first user created when Privacy-Now® environment is created is set with administration privileges.
Settings/Application Settings link open the Setting Ticket.
Settings are organized in six sections:
- Tracking
- Consents Settings
- Group Settings
- License Details
- Purchase History
- Tools
Tracking
These setting enable the User to identity the service name and the Subscription id they have subscribed and the actual status of the service
Consents Settings
These settings refer to consents management process. See the consents guide for more information on the process.
The table below report the settings fields available and a short description of their meaning:
| Field | Description |
|---|---|
| Consents Matching Mails | Consents can be acquired from emails. With this field it is possible to define the recipients of the emails which will be checked to process the consents. Emails in the inbox with other recipients will be ignored. |
| Consents Warnings Recipients | This field contains the emails addresses notified when consents warnings are triggered. |
| Consents Subjects Matching criteria | This field allow to define the criteria to match an incoming consent sent by mail with the existing consents in Privacy-Now®. After trying to match if the consent subject is found, the existing consent record is updated. If the consent subject is not found, a new consent record is created. This field may have one of the following two values: "Mail" (consent subject is matched using the email address), "Username" (consent subject is matched using the user name identifier, for example the login used by the consent subject to access a website). |
Group Settings
Privacy-Now® has several profiles for user privileges. The profiles determines what users can do while executing processes (e.g. access requests, consents, etc.). Users can be assigned to groups and groups can be finally assigned to profiles in each record (e.g. access request, consent etc.).
The fields DPO Profile, DP Profile, DC Profile, Audit Team Profile and Working Team Profile allow to define which "groups" the user will be able to see and select in each process.
The fields DPO Default, DP Default, DC Default, Audit Team Default and Working Team Default allow to define the default "groups" which will be set everytime a new record is created.
The above fields, shall be defined for each process/workflow, e.g. access requests, actions, audits management, etc.
In order to update the fields for a process, perform the following steps:
- Choose the process by setting the Process field
- Load the set values for all the field by using the LOAD command
- Set the values for the fields
- Save the settings by using the SAVE command at the bottom of the form.
Repeat the above steps for all the processes you need to configure.
License Details
This section allows to view the details of the license active for the current Privacy-Now® environment.
| Field | Description |
|---|---|
| License Package | This field shows the type of subscription active. |
| Licensed User | This field shows the number of activated users (those in status "Active"). |
| Licensed Access Requests | Monthly number of access requests that it is possible to open. This numbers is depending on the type of subscription. |
| Licensed Consents | Monthly number of consents that it is possible to open. This numbers is depending on the type of subscription. |
| Check License | This commands launches a system check that refreshes the values of Active Users, Monthly Access Requests and Monthly Consents fields. |
| Active Users | Number of "users" currently activated (in status "active"). |
| Monthly Access Requests | Number of access requests opened in the current month. |
| Monthly Consents | Number of consents opened in the current month. |
| Initial Activation Date | The date when the Privacy-Now® service was initially activated. |
| Expected End Date | The date when the Privacy-Now® service will terminate. Access wont' be possible after this date. The environment and all data will be fully erased 30 days after this date. |
Purchase History
In this section, the history of the purchase transaction is reported for control aims. Every transaction is added after the last before.
Tools
In this sections, special functionalities are grouped.
Record deletion
From records management (e.g. access requests, consents) physical deletion is not possible. In other words, records can always be moved to one or more end of life status(es) where no changes are possible. however, normal users cannot physically delete records. This can be done instead by users with administrative privileges with this tool.
To delete a record, simply enter the record code to be deleted in Record Code to Delete and launch the Delete Record command.
IMPORTANT WARNING: IT WILL NOT BE POSSIBLE TO RESTORE THE RECORD CONTENT AFTER DELETION.
