Microbizz's GDPR handling can be set up in the User module, the CRM module, Task module, Project module and the Person module.
For persons, users and companies you may create GDPR consent agreements. The person (or user or company) gives consent by accepting the GDPR consent agreement which you have created; they receive a mail or similar containing a link to the GDPR consent agreement. The agreement cannot be edited once it has been published.
The GDPR handling allows to specify what should happen when a person (or user, company, task, project) expires. This is to prevent that you retain old data for employees that have left your company long ago.
Each object (person/user/company/task/project) has an expiration date; when the date is reached the object is deleted or some of the objects's data is cleared. The anonymization happens during the night, and only affect objects that expired the previous day, not objects that expired more than 1 day earlier.
Here you'll find the following settings:
- Default expiration period: When the person is edited Microbizz will suggest an expiration date this far into the future
- When expiring: What should happen when the expiration date is reached. Choose between one of the following:
- Do nothing
- Anonymize the selected data fields: The selected fields will be cleared to empty values
- When anonymizing data, also delete...: Specify which additional data that should also be deleted when the expiration date is reached
- Delete the person: (or the user or company etc)
- Hold mails?: If the mails should be hold back instead of being sent right away; you will then need to approve the mails in the Reminder module before they are sent.
- New persons should give consent in regards to GDPR by default: If this is set then new persons/users/companies will be marked so that they will receive GDPR consent mails the next time consent is request
- Mail text for requesting consent: This is the mail text that is included when a mail is sent to the persons/users/companies to request GDPR content
- Person data fields: These fields should be cleared when the expiration date is reached, this should be the fields containing sensitive personal data
The "Request consent from all" button this will request consent from all persons/users/companies.
When consent is requested for a person, a mail is sent to the persons' email addresses. The mail contains the mail text from above, and a link to a web page where they can see the agreement and accept it.
On the person/user/company search page you may select one or more persons/users/companies and then select "Request GDPR consent again". On the same search page you can enable the columns "Version accepted" and "Version requested" to see which agreement version have been accepted/requested for the persons/users/companies.
Edit consent agreements
You can have multiple consent agreements, but you can only edit the unpublished ones. When an agreement is published it may possibly be sent automatically to all relevant users. When the persons/users/companies go to see/accept the agreement, they will always see the latest published agreement.
When you publish an agreement it is given a version number. Publishing also means that the mails are sent, but you are warned about that. When the person accepts the agreement the version number is stored with the person.
Send test to me
The "Send test to me" button sends a test mail to you, so that you can see how the GDPR consent agreement looks.