- Data Protection Impact Assessment (DPIA) helps organisations to identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/ You may need to do this if you undertake large-scale data processing or record special categories if data. If you don’t need to carry out a DDIA you will need to look at conducting a data audit. https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
- Privacy Notice – this holds information that you direct people to. It tells them about the categories of data you hold, how long you’ll keep it, the lawful basis for processing etc. Link – ICO Guidance https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for-the-gdpr-resources/
- Purpose – Record why, how long you store personal data for and the lawful basis for processing personal data according to ICO Article 6 https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
- Privacy Rules – Set up automated system rules to apply the purposes you have created.
- Privacy Log – This is a Gold-Vision object that holds any Privacy rules applied and also requests made by each data subject (Contact/Lead)
- Privacy Notice Provided – Records that a Privacy Notice has been provided. This can be triggered by a Rule applied individually or to a Campaign Stage.
- Personal Data – GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
- Sensitive Data – GDPR refers to sensitive personal data as “special categories of personal data” specifically this includes genetic data, and biometric data where processed to uniquely identify an individual. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/
Tip: Fields in Gold-Vision can be marked as personal or sensitive using the Screen Designer in the Settings area.
Subject Access RequestsIndividuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/
Erasure RequestsThe broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
Expired RecordsRecords where the duration for the purpose for holding the data has expired. For example, you might hold prospect data for 2 years, at the end of 2 years the record will be marked as an Expired item. See below.
Deleted ItemsDeleted Gold-Vision records can be un-deleted by an Administrator.
Erased ItemsRecords will be permanently removed from the data base and cannot be un-deleted.
Applying Your GDPR Strategy To Gold-VisionGold-Vision, as with other business software products, will be one element of your GDPR strategy. After completing a GDPR compliance review and formulating a plan it is likely you will need to map some of it into your CRM.Whilst each Gold-Vision instance is uniquely configured to suit individual processes and business practices, there are central themes that will assist you in recording your GDPR compliance.Once you have identified your processes, legal basis for processing personal data, special requirements such as sensitive/personal data, and have carried out a data audit or DPIA, you will be ready to map these processes to your specific Gold-Vision instance. See moreIf you have specific questions regarding Gold-Vision and GDPR please contact your Account Manager directly.