The upcoming GDPR (General Data Protection Regulation) is a European directive relating to the handling, storage and security of data with particular emphasis on the privacy of data relating to individuals.
In some cases this will necessitate organisations changing some of their internal processes and practices to ensure compliance with the regulation.
In order to assist users of the Influence Professional software in fulfilling their obligations some additional tools have been added to the system, revolving around Policy Management.
Contents (Click an Item to Jump to that section)
Data Policy Subscription Record
Data Statement / Subject Access Request
Complete File Removal Facility
For published policies it is possible to store revisions (e.g. Version 1.01, 1.02, 1.03, etc.) and to store the particular text relating to each published revision.
It is also possible to indicate whether a policy is to be included as part of the GDPR processes, and if so, then it is possible to record against a candidate record which version of a particular policy that candidate subscribed to.
Find out more using the following article: https://support.influence-it.com/article/356-policy-manager
Data Protection Manager
For records relating to individuals (i.e. Candidates or Contacts) a new area has been added relating to Data Protection.
The new facility can be accessed using a small 'Padlock' icon in the toolbar, and contains several features as detailed below.
More information can be found in the full article, https://support.influence-it.com/article/358-data-protection-manager-padlock
Data Receipt Record
The Data Receipt Record also allows users to record how and when individuals data has been received. It is possible to record that date, time and method of data receipt and to store supporting evidence in the system by using drag & drop to store the relevant file or email. You can also record a review date.
Data Policy Subscription Record
The Data Policy Subscription Record allows users to record which of the published policies this person has opted IN/OUT from as well as the particular version they subscribed to, and these will be logged as journal transactions with a time/date giving an audit trail.
It is possible to record the method used for opting IN/OUT from the policy. Supporting evidence can be stored using "Drag&Drop".
Data Statement / Subject Access Request (SAR)
A new facility has been added to allow users to easily produce a Data Statement relating to an individual, which contains details of all the information held about an individual, that can then be sent to them when they make a SAR (Subject Access Request). The report can be emailed, or copied and printed to be send by post. It can be accessed using the Padlock icon in the same way as the Data Receipt record (above).
Personal Data Removal Tool
In conjunction with the Data Statement mentioned above, there is a new facility to easily remove personal Data. This allows users to retain a candidate record with BASIC information (Name, system Reference No. etc) so as to preserve database integrity and allow statistical reporting for purposes such as performance analysis, revenue comparisons year-on-year, etc. but to remove all personal data from the system.
As a result of using the Data Receipt record (above) to record if an individual has opted IN or OUT from a policy, the system automatically assigns them to a Policy Group.
These Policy Groups are displayed at the left hand side of the relevant workbench [Candidates] / [Contacts] within the Groups section.
These groups can be used to easily communicate with those who have opted IN (or OUT) of a particular policy and are maintained automatically by the system as a result of the Data Receipt Records.
More information regarding the creation and use of Policy Groups see the following article: https://support.influence-it.com/article/359-policy-groups
Complete file removal facility (Deletion)
The deletion of personal data can be easily achieved using the Personal Data Removal tool mentioned above. It is also possible to totally remove a record if desired, and this will also remove the associated documents which have been stored on disc for the particular individual.
Record deletion is controlled with a password, and all such deletions will be logged providing an audit trail of these deletions.
As well as the new tools introduced above, the Influence Professional software contains a wealth of useful facilities which can can be employed by agencies to help ensure compliance with the GDPR directive. Some of the more useful of these are described below, but there are many of the existing facilities which could be used depending upon your precise approach.
- Candidate Status
The Status field of a candidate can be a useful indicator regarding the state of a candidate. One way to use STATUS is to ensure that all new candidates are created with a specific Status (e.g. "RAW" or "UNAPPROVED") when they are first created or added to the system. Users should then move candidate to a "LIVE" Status only once the relevant approval has been received from the candidate.
By sensible use of the existing Journal system users can ensure that all relevant points of contact with individuals are recorded, with a suitable audit trail. The Journal will record the date and time of an event along with the userID of the individual who recorded this.
Journals can be EMAILS, PHONE records or NOTES, and judicious use off all three will pay dividends in the long term.
The Attributes system within the software is typically used to record candidate "Skills" and abilities, but can be used for much more. As well as parsing CVs looking for particular words or phrases to assign an attribute it is also possible to build a structure of attributes to indicate other tings about candidates, such as a willingness to receive News-letters or Monthly 'Job Updates'.
It is often a good idea to separate these 'internal' attributes from those used to record the actual 'skills' for the candidate, perhaps by assigning them to a separate tab.
The fact that attributes can be used as part of searches makes them ideal for building groups and organising your database in a well ordered and structured manner.
The use of Templates can dramatically increase the efficiency of dealing with data requests, either when you as an agency are requesting information from individuals or when responding to requests for data in the form of a SAR.