Settings
Contents
Introduction
This part of the guide covers some fundamental settings which are needed to work with Privacy Now®:
- Master data
- Application settings
Master data
Master data tables contain the sources data of the fields using single or multi choice options.
Master data tables are preloaded with initial values when the environment is initially created. These values can be later changed by users with the Admin field set to "Yes".
Editing of master data table can be done from the left menu Settings/Data Sets or directing from the records using the fields based on the master data (in both cases if the user has the required privileges).
The table below lists the master data tables and provides a short description of their content.
| Access menu | Description |
|---|---|
| Settings/Data Sets/Access Requests/Access Requests Types | The types of access requests, e.g. "Personal data deletion". |
| Settings/Data Sets/Access Requests/Communication Channels | The communication channels used to acquire the access request, e.g. "email". |
| Settings/Data Sets/Access Requests/Results Notification Methods | The communication channels to be used to communicate the results of an access request, e.g. "email". |
| Settings/Data Sets/Access Requests/Data Subject Types | The type of subject requesting the access request, e.g. "employee". |
| Settings/Data Sets/Access Requests/Relationships to Data Subjects | The type of relationship between the access request requester and the data subject representative, if any, for example "family relationship". |
| Settings/Data Sets/Access Request/Access Request Warning Schedule | This data set enable the user to set the plan the sent of warning mail. |
| Settings/Data Sets/Actions/Action Type | The type of action, for example "corrective". |
| Settings/Data Sets/Consents/Consent Categories | The category of the consent, for example the consent to send a newsletter. This table is very likely to be updated. |
| Settings/Data Sets/Consents/Consent Sources | The source of consent. Could be a website name or the name of the company. |
| Settings/Data Sets/Consents/Consent Subjects | The subject giving the consent, typically a person. |
| Settings/Data Sets/Consents/Consent Matching Mail | The email address of the recipient where the consent is sent. |
| Settings/Data Sets/Data Breaches/Affected Personal Data Categories | The categories of subjects whose personal data are treated during the data breach, for example "employees master data". |
| Settings/Data Sets/Data Breaches/Data Breach Warning Schedule | This data set enable the user to set the plan the sent of warning mail. |
| Settings/Data Sets/Data Breaches/Authority Warning Schedule | This data set enable the user to set the plan the sent of warning mail to the Authority. |
| Settings/Data Sets/Data Breaches/Type of Breaches | Identify the type of Breaches , for example "Security Breach". |
| Settings/Data Sets/Issues / Non Conformities/Issue Types | The type of issue, i.e. an "issue" or a "non conformity". These values are unlikely to be modified. |
| Settings/Data Sets/Privacy Impact Assessments/PIA Reference Period | Th timeframe to which the privacy impact assessment refers to, for example "2018 Q4". |
| Settings/Data Sets/Processing Activities/Access Applications | The applications which may be used to access personal data, for example "web browsers". |
| Settings/Data Sets/Processing Activities/Access Connections | The connections which may be used when accessing personal data, for example "internet". |
| Settings/Data Sets/Processing Activities/Access Devices | The devices which may be used when accessing personal data, for example "personal computer". |
| Settings/Data Sets/Processing Activities/Data Locations | The locations where the personal data can be stored during their processing, for example "New York data centre". |
| Settings/Data Sets/Processing Activities/Data Processing Purposes | The purposes of data processing, for example "marketing activities". |
| Settings/Data Sets/Processing Activities/Data Repositories | The type of data repositories where personal data are stored during the processing activities, for example a specific SQL database server. |
| Settings/Data Sets/Processing Activities/Data Subjects | The types of data subjects whose personal data are treated during the processing activities or declared in Data Breach, for example "clients". |
| Settings/Data Sets/Processing Activities/Data Types | The types of data, e.g. identification or judicial data, which are processed during the processing activities. |
| Settings/Data Sets/Processing Activities/Extra EU Measures | The types of measures in place to mitigate the risks of extra EU processing activities, e.g. a "code of conduct". |
| Settings/Data Sets/Processing Activities/Lawful Basis for Processing | The lawful basis on which the processing of personal data is authorized, e.g. "legal obligations". |
| Settings/Data Sets/Processing Activities/Processing Activities | The types of processing activities performed during the processing of personal data, e.g. collection, adaptation, etc. |
| Settings/Data Sets/Processing Activities/Provision Agreements | The type of provision agreement with the suppliers of data repository tools, access applications, access devices, connectivity, for example a "software as a service" agreement. |
| Settings/Data Sets/Processing Activities/Retention Periods | The possible retention periods for the personal data which is processed, for example 10 years. |
| Settings/Data Sets/Processing Activities/Suppliers | The suppliers of data repository tools, access applications, access devises or connectivity. |
| Settings/Data Sets/ Processors / Controllers Entities | The details of the controller entities involved in processing activities. |
| Settings/Data Sets/ Processors / Data Controller Officers | The details of the data controller officers involved in processing activities. |
Application settings
This section concerns the preferences and settings which can be defined at application level for Privacy-Now®. These settings are accessible from Settings/Application Settings.
Application settings are accessible only by users with administration privileges (see below how to set them). The first user created when Privacy-Now® environment is created is set with administration privileges.
Settings/Application Settings link open the Setting Ticket.
Settings are organized in six sections:
- Tracking
- Consents Settings
- Group Settings
- Notification Settings
- Utility
- License Details
- Purchase History
Tracking
These setting enable the User to identify the service name and the Subscription id they have subscribed and the current status of the service
Consents Settings
These settings refer to consents management process. See the consents guide for more information on the process.
The table below report the settings fields available and a short description of their meaning:
| Field | Description |
|---|---|
| Data Subject Matching criteria | This field allow to define the criteria to match an incoming consent sent by mail with the existing consents in Privacy-Now®. After trying to match if the consent subject is found, the existing consent record is updated. If the consent subject is not found, a new consent record is created. This field may have one of the following two values: "Mail" (consent subject is matched using the email address), "Username" (consent subject is matched using the user name identifier, for example the login used by the consent subject to access a website). |
| Consents Matching Mail | Consents can be acquired from emails. With this field it is possible to define the recipients of the emails which will be checked to process the consents. Emails in the inbox with other recipients will be ignored. |
Consents Source Details
This section allows to configure the mailbox to import consents in current Privacy-Now® environment.
The front-end web site shall be able to gather consents and send them to this mailbox as a structured email (described in next chapter).
Each correctly parsed email will generate one or more consents in current Privacy-Now® environment.
IMPORTANT WARNING: IS STRONGLY RECOMMENDED TO CREATE A BACKUP MAILBOX TO STORE ALL THE EMAIL (TO BE FORWARDED FROM MAIN MAILBOX) BECAUSE PRIVACY-NOW® WILL DELETE THEM DURING PARSING PROCESS.
| Field | Description |
|---|---|
| Host | This field shall be filled with the mailbox server address. |
| Port | This field shall be filled with the mailbox server port. |
| Username | This field shall be filled with the mailbox login. |
| Password | This field shall be filled with the mailbox password. |
| This field shall be filled with the email. | |
| Protocol | This field shall be filled with the mailbox server protocol (available: "POP3", "IMAP", "POP3S", "IMAPS"). |
| Status | This field contains values: "Active", "Inactive". When it will be saved in "Active": Privacy-Now® will start to download and elaborate all the email. |
Expected Consent Mail Structure
A consent email shall contain the following parameters (one in each row): some of them are mandatory, while some other optional (check the detailed description of each one). It shall be a plain text mail (HTML email will not be processed correctly).
| Field | Description |
|---|---|
| Source | The value of this parameter is mandatory and shall be filled with the consent source (ie: could be the company name or business unit name or web site name). The value of this parameter shall match with the value(s) inserted in Settings/Data Sets/Consents/Consent Sources. |
| Name | The value of this parameter is mandatory. The first name of data subject. |
| Surname | The family name of data subject. |
| The email of data subject. | |
| City | The town of data subject. |
| Province_State | The province or state of data subject. |
| Country | The country of data subject. |
| Phone | The phone number of data subject. |
| User_id | The univocal id (integer) of the user corresponding to data subject in consent source (ie: id of user in web site). |
| Username | The univocal login of the user corresponding to data subject in consent source (ie: login of user in web site). |
| IP_address | The ip address used by data subject during web site browsing. |
| Lang | The main language of data subject. Possible values: "en-GB", "it-IT" and "fr-FR". |
| Consent_[consent name] | [consent name] shall be replaced by the name of consent (ie: consent_newseletter). At least one Consent_[consent name] shall exist in the email. The value of this parameter shall be a univocal code corresponding to one of the value inserted in xxx |
| Value_[consent name] | |
| Date_Time_[consent name] |
Example:
Source:myCompanyName Name:Jhon Surname:Smith Email:jhon.smith@mymail.com City:myTown Province_State:myProvince Country:myCountry Phone:002235468 User_id:12345 Username:jsmith IP_address:192.168.1.27 Lang:en-GB Consent_A:1 Value_A:0 Date_Time_A:12-10-2018 10:14:50 Consent_B:2 Value_B:0 Date_Time_B:12-10-2018 10:14:50 Consent_Newsletter:3 Value_Newsletter:1 Date_Time_Newsletter:12-10-2018 10:14:50
Group Settings
Privacy-Now® has several profiles for user privileges. The profiles determines what users can do while executing processes (e.g. access requests, consents, etc.). Users can be assigned to groups and groups can be finally assigned to profiles in each record (e.g. access request, consent etc.).
The fields DPO Profile, DP Profile, DC Profile, Auditors Team Profile and Working Team Profile allow to define which "groups" the user will be able to see and select in each process.
The fields DPO Default, DP Default, DC Default, Auditors Team Default and Working Team Default allow to define the default "groups" which will be set everytime a new record is created.
The above fields, shall be defined for each process/workflow, e.g. access requests, actions, audits management, etc.
In order to update the fields for a process, perform the following steps:
- Choose the process by setting the GDPR Process field
- Load the set values for all the field by using the LOAD command
- Set the values for the fields
- Save the settings by using the SAVE command at the bottom of the form.
Repeat the above steps for all the processes you need to configure.
Notification Settings
The table below report the settings fields available and a short description of their meaning:
| Field | Description |
|---|---|
| Consents Warnings Recipients | This field contains the emails addresses notified when consents warnings are triggered. |
Utility
In this sections, special functionalities are grouped.
Delete ticket
From records management (e.g. access requests, consents) physical deletion is not possible. In other words, records can always be moved to one or more end of life status(es) where no changes are possible. however, normal users cannot physically delete records. This can be done instead by users with administrative privileges with this tool.
To delete a record, simply enter the record code to be deleted in Ticket Code to Delete and launch the Delete Ticket command.
IMPORTANT WARNING: IT WILL NOT BE POSSIBLE TO RESTORE THE RECORD CONTENT AFTER DELETION.
License Details
This section allows to view the details of the license active for the current Privacy-Now® environment.
| Field | Description |
|---|---|
| License Package | This field shows the type of subscription active. |
| Licensed User | This field shows the number of activated users (those in status "Active"). |
| Licensed Access Requests | Monthly number of access requests that it is possible to open. This numbers is depending on the type of subscription. |
| Licensed Consents | Monthly number of consents that it is possible to open. This numbers is depending on the type of subscription. |
| Check License | This commands launches a system check that refreshes the values of Active Users, Monthly Access Requests and Monthly Consents fields. |
| Active Users | Number of "users" currently activated (in status "active"). |
| Monthly Access Requests | Number of access requests opened in the current month. |
| Monthly Consents | Number of consents opened in the current month. |
| Initial Activation Date | The date when the Privacy-Now® service was initially activated. |
| Expected End Date | The date when the Privacy-Now® service will terminate. Access wont' be possible after this date. The environment and all data will be fully erased 30 days after this date. |
Purchase History
In this section, the history of the purchase transaction is reported for control aims. Every transaction is added after the last before.
