Policy Manager (GDPR)

Created by Martin Parkinson, Modified on Tue, 23 Jul at 6:38 PM by Graeme Orchard

After Version 1.00.17.339 we have introduced a Data Policy Management module.
The purpose of this module is to help manage the publication and distribution of Policies, and to track and record acceptance of those policies for people in the database.

Example:

You may have a 'Green Policy' explaining your environmental actions and activities.
You may have a 'General Data Policy' regarding your use and storage of all personal data.

You may have a Privacy Policy explaining how you process and handle data and keep that data secure.

ETC...



CONTENTS   (Click to jump to that section)


TABLE OF CONTENTS






Overview

In order to assist in compliance with the GDPR directive, several new facilities have been added to the system. The Policy Manager allows users to record details of their published policies and determine if those policies require an individual within the database to opt IN/OUT from the policy. It is possible to record revisions to policies and versions as well as to store documentation of text relating to the published policy.

Any stored documents of text can be merged into templates such as emails so that they can easily be sent out to individuals within the database.



1. THE POLICY MANAGER

The Policy Manager is where you can store, manage and publish Policies.
Policies are statements regarding how you run your business and what your policies. The can include items such as  are  use of data, storage of data, environmental responsibilities, etc.

It can be accessed via Maintenance > Tools > Policy Manager


Back to Top



2. CREATE A NEW POLICY

Click the [New] button at the bottom of the screen.

On the Details tab enter a CODE and a Description.


CODEA 4-digit code for the policy  
Description The description for the policy
ACTIVEsets the date. (though policies are not 'implemented' until they're Published)
Usage *You can choose a specific Method e.g. email, SMS which is applicable to this policy.
(At the moment this is not used, and has no effect, but MAY be used in future)
GDPRTick this is you wish to record whether someone has opted in/out of this policy, and be able to see details of this policy on the padlock of the candidate/contact.
Applies to
Where does this apply; CAND (Candidate), CONT (Contact) or BOTH (both)
The default is BOTH.
Feature avialable from release 1.00.18.206 (or later) 

(At the moment the Usage feature has no functionality but may be used for future development. It is best to set this. e.g. If a policy applied specifically to SMS, then choose the relevant Method.)


The Opting tab allows users to specify TEXT which can be used to opt in/Out of a policy.
Currently this has no functionality but is in place for future development.

The Stats tab has no functionality but is for future development.

The Document tab will show details of  the document (Filename) which contains the details of this policy. Once the policy has been created [OK], it is possible to drag/drop the policy document onto this page.

Any document that is dragged/dropped onto this page will be ReNamed to match the policy and given a suitable revision number. (e.g. Right_To_Represent_1V01.doc)

IMPORTANT: When creating Policies please avoid the codes CON, PRN, AUX, NUL or any code starting COMn, e.g. COM1, COM2, etc. as these are not allowed as folder names within windows.


Back to Top





3. MANAGE EXISTING POLICIES

Once a Policy has been created it is possible to manage that policy using the Policy Editor.
(>) Will allow users to drill-in to the setup of that policy to see the Opting Text, Stats and Document.

Filter PolicyUse the drop-down to restrict the view to a particular Policy, e.g. Privacy Notice

Published [   ] Draft   [   ] Historic   [    ]   Use these tick boxes to decide which versions of a policy are displayed. e.g. If you only wish to see the Published policies, then only tick this option.
FilenameThis will display the filename of the document associated with the chosen policy.  Double-click the filename to open the document.


To add a new document, simply double-click the filename column, then Drag/Drop the required document onto the screen (see below)

TextIt is possible to add TEXT to a Draft policy by clicking the 
Existing text is indicated by a   icon. Clicking this will open the text and allow editing.
AttachmentTick this if the policy document should be added as an item within the attachment manager  in Influence, so that it can easily be attached to Journals and emails sent from the database.
TemplateTick this if the policy & document should be allowed as an attachment Merge Field in templates. i.e. You can add a MERGE field to a template, which will attach this policy document whenever that particular template (email) is sent.
Website Tick this to indicate that the policy is published/available on your website.
Tick this column shows how many people have ticked (opted In) to this version of the policy.
Cross  this column indicates how many people have opted out of this version of the policy.
Question     This column shows the number of people where the policy has been 'considered' but no decision has been made yet.


Clicking the small number in any of these columns will offer the user the change to create a GROUP containing those people. The GROUP can then be used to contact all of those people.  (See example Below)


Back to Top





4. CREATE POLICY REVISIONS

Once a Policy has been published, you may (from time-to-time) need to make revisions and publish a new or revised version of the Policy. This is very easy.

At the bottom left of the Policy Editor screen you will see radio buttons for
Minor (  ) and Major (  )  revisions. Simply select the relevant button and press [Create]

EXAMPLE

If you had published Data Policy 1.00 and created a minor revision, this would become  Data Policy 1.01, then Data Policy 1.02 etc.

When a Minor revision is created it is possible to inherit the optees.
i.e. Everyone who has opted-in to Version 1.02 could be opted-in to version 1.03 
This is controlled with the Inherit Optees [   ]  check box., which it ticked by default for Minor revisions-see below.


Minor revisions might be used for small changes such as corrections to spelling mistakes or minor wording changes to a policy.


Creating a Major revision would increment the 'main' version number and reset the increment, so Data Policy 1.02 would become Data Policy 2.00

IMPORTANT: When creating a Major revision it is not possible to inherit optees.


Major revisions would be used when there is a fundamental change that affects the policy and requires people to re-submit their opt-in/opt-out.

[Publish]: Pressing the [Publish] button will publish the policy and create a new "DRAFT" version of the policy.  Each subsequent publication of a policy 'shuffles back' the status of previous policies.

e.g. If you had the situation as below;

Data Policy 1.02     [Draft]
Data Policy 1.01     [Published]
Data Policy 1.00     [Historic]

Publishing a new Minor  revision will create a situation as below:

Data Policy 1v03.doc     [Draft]
Data Policy 1v02.doc     [Published]
 Data Policy 1v01.doc    
[Historic]

 Data Policy 1v00.doc     
[Historic]


Back to Top





5. POLICY GROUPS

At the bottom right of the Policy Manager screen is a GROUPS section.

This is used to switch between Candidate groups or Contact Groups and allows users to see which Candidates have opted In or out from a particular policy, or which contacts have opted in/out from those same policies.

(See below)



Back to Top




6. USING A POLICY TO CONTROL AN ACTION  

(From version 1.00.20.160 or later)

It is possible to get a Policy to control an action. For example you could set the system so that it is not possible to Attach/Send the SafeCV of a candidate until they had subscribed to the "CV Send" Policy.

How?

The process is simple:

i) Create and publish a policy called "SendCV"

ii) Go to Maintenance > Setup > Code Tables, then select code table Data Cnsnt Code [450] and tick Extra Info [  ]

iii) Use the Cand Pol/Cont Pol column to specify the POLICY CODE which will control the action. Use the Assumed Prevention column (set to 1.0) to set the item to 'Blocked' unless subscribed to the relevant Policy.     (See below)



Example 1: 

Document 2, 7 & 10 on a candidate record contains versions of their "Safe CV". A new policy "SCV" has been created to record the candidates' consent to their CV being sent out. 

To prevent these documents from being sent/attached without this policy being ticked, the Data Cnsnt codes [450] code table has AD2,  AD7 & AD10 linked to the policy "SCV"
All of these items (AD2, 7 & 10) are set to "Assumed Prevention" which will stop users sending/attaching these documents unless the candidate has opted-in to this policy



Example 2: 

You might want to prevent candidates from being emailed unless they have opted-in to your 'email' Policy, and Wants Emails.


STEP 1: Create and publish an 'Email Allowed' Policy.

Go to Maintenance > Setup > Policy Manager.

At the top left click the Green➕ and add a new Policy e.g. MAIL

Tick GDPR [  ] to indicate the policy is subject to GDPR Management (i.e. Controlled via the Padlock in the toolbar)




STEP 2: Choose which Consent Centre Items are controlled by this Policy

Go to Maintenance > Setup > Code Tables, then select code table Data Cnsnt Codes [450]

Tick the Extra Info [  ] option. 

For the items Email and Personal email, set the Cand Pol/Cont Pol as  MAIL


You then have a choice on how you wish to set the 'Assumed prevention' column.


Assumed
Prevention = 0.0
Candidates who have specifcially opted OUT of the MAIL policy cannot be emailed.
All other candidates can be contacted by email, even if they have not yet opted IN.
Assumed
Prevention = 1.0
Only candidates who have specifically opted IN to the MAIL policy can be emailed.
Those who have opted out, or not chosen cannot be emailed (assumed prevention)





Back to Top





Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article