Yep - those 4 letters ‘GDPR’
No doubt you have heard a lot about GDPR, whether it’s from us, or from many other organisations. The thing is, it is an important piece of legislation and we together need to ensure we comply.
We’ve shared some of the updates with you that we’ve already made or are working on in our Jadu Continuum products over the past few months.
For this blog post we’re focusing on our recent CXM release #94 as well as what’s coming in #95.
As announced in #94 release email, we’ve added a new feature in CXM which enables you to add a ‘Privacy policy link and checkbox’.
Why?
When new users register for an account in CXM in order to comply with GDPR, they’ll need to tick the checkbox to agree to your organisation’s Privacy Policy. If they don’t they’ll be unable to register for an online account.
How to get started?
In your CXM account, go to ‘Settings’ and select ‘User Administration’. Then select the sixth tab ‘Registration’. You’ll see an option to ‘Enable Privacy Policy link and checkbox’ simply tick the checkbox and enter your ‘Privacy Policy link in ‘Privacy policy web address’ field.
What’s next?
Staff users will be able to delete user accounts:
At the moment, staff can only delete a customer record. However, in the next release, when a staff user deletes a customer record this will now also delete the customer’s online user account (the account used to log into their MyAccount page and CXM).
Before the account is deleted, the staff user will be presented with a warning alert which they will need to tick to confirm they would like to delete the account.
Staff users will also be able to delete personal data from a case:
Staff must find the case(s) where the customer has requested to have their personal data removed and click ‘delete personal data’. This will delete the following:
- Case values for all fields marked as ‘sensitive’ (read on for more details)
- All messages
- All letters
- All email alerts
- All file attachments
- And all case notes
An entry will be added to the case history saying ‘case redacted by user x at <time> <date>’. The case itself will not be deleted.
Fields with personal data
Case values will only be deleted for fields that are marked as containing sensitive data. This means that you will need to review your fields in CXM and check the box for ‘contains sensitive data’ for any fields where personal data could be entered by the customer or staff users (see screenshot below). This is likely to only apply to text, text area, telephone, email and URL fields. You should not allow choice fields to be deleted when personal data is removed from a case if you require to use the data for reporting.
Who can remove personal data and for which case types?
For users to be able to click to 'remove personal data' for a case, the case type must have the setting to 'Allow deletion of personal data from cases' enabled, and the user's role must have the permission to 'delete personal data' which will need to be added by administrators.
Leave a comment