General Data Protection Regulation (GDPR)

Overview

The EU General Data Protection Regulation replaces the Data Protection Directive and will apply to all member states without requiring changes to national legislation. The new regulation is intended to harmonize data protection rules across EU member states and improve data protection for EU citizens. GDPR also encompasses the processing of data held on EU residents by companies outside of the European Union.

While unifying data protection rules across EU member states will make it easier for non-European organizations to comply with the regulation, fines of up to 4% of annual turnover can be imposed in the case of a breach. Organizations will be obligated to disclose breaches within 72 hours or face tough penalties.

As part of GDPR, our customers will have to assess their data assets including how data is stored and accessed, what level of risk it’s exposed to, and whether it contains PII and PIFI (Personally Identifiable Information and Personally Identifiable Financial Information). Data assets that are stored in application databases, server file systems and on end user devices must be protected.

All companies with EU operations that employ more than 250 employees will be subject to GDPR, which takes effect on May 25, 2018. The Regulation acknowledges that many SMEs pose a smaller risk to the privacy of data subjects than larger organizations. For example, Article 30 of the Regulation states that organizations with fewer than 250 employees are not required to maintain a record of processing activities under their responsibility, unless “the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data […] or personal data relating to criminal convictions and offences”.

Requirements

EngageIP version 9.1 or higher is required for this option.

Purging an Account

When you search for customer accounts, a Purge button is presented at the bottom of the account search list.

Account Purge Process:

  1. Enter a search phrase for specific accounts, or simply click the count of users to pull up a list of accounts

  2. Check the box beside each account whose data you would like to purge

  3. Click the Purge button

  4. Select the items you would like to purge per account

  5. Click Next

  6. Click Yes to agree to the statement

When the purge is initiated by clicking Next in the Account Purge Options screen, a dialog will pop up with the following text: "Initiating the purge will remove all personally identifiable information associated with this account in compliance with regulatory requirements such as EU GDPR. Once this data is purged, it is not recoverable. Do you wish to proceed ?" The user will have the option to click "No" to cancel this operation, or "Yes" to initiate the purge.

If the purge process fails, an error such as the one below will be presented:

Data Anonymized

The following information related to an account will be anonymized.

  • Name

  • Street Address

  • State

  • Country

  • Email

  • Phone

  • Date of Birth

  • Bank account (a/c)

  • Credit Card Number

  • ACH Number

  • Driver's License Number

  • VAT

  • Role

  • Language

  • Postal code

  • Consent

The EngageIP interface does provide facilities for entering free-form notes and text. These include description fields when configuring services, comments in tickets, notes, etc. The onus rests on the end user of the system to ensure that PII data is not entered in these fields. PII data should only be entered in fields designed for that purpose, including:

  • Full name (Contact.Name)

  • Home address (ContactPoint.Value)

  • Email address (if private, from an association/club membership, etc.) (ContactPoint.Value)

  • Telephone number (ContactPoint.Value)

  • Login name, screen name, nickname, or handle (User.Name)

  • First or last name, if common (Contact.Name)

  • Country, state, postcode or city of residence (ContactPoint.Value)

  • AccountID (User.Account)

  • Workplace (Contact.Company, Contact.Title)

It is possible that customers may previously have entered PII data in fields such as tickets and notes. The EngageIP 9 interface does provide the ability to search for ticket information. Customers would need to search for PII data in tickets and notes through the EngageIP interface and then manually remove the PII data from the affected tickets, or delete the entity in its entirety.

Usage data is out of scope. Usage records in isolation cannot provide context around account-level personal information. Once the personal information is anonymized or deleted, the UDRs in isolation will not be able to reveal information related to the individual account.

The purge can only be initiated on cancelled accounts. It is the responsibility of the customer to make sure the account has been cancelled and is inactive prior to initiating the purge. Initiating the purge on an account that is not in the cancelled state will trigger the error message "The account must be first cancelled prior to initiating a purge". At the back end, EngageIP will define a new status for accounts that have been purged.

An account that has been previously purged cannot be purged again. A purge operation is final and cannot be undone. Accounts that have been purged will not show up in the account list in EngageIP reports, Tools, Tickets, any of the operational tabs (credits, refunds, payments, transactions, invoices) or any searches. A purged account is, for all intents and purposes, removed from the system and will no longer be visible.

Customers may or may not place PII data within EngageIP Account Names. Some customers may choose an opaque name such as account A000385749. Others may use the first and last name of an individual as the account name. As part of the configuration, EngageIP will provide a checkbox that indicates whether the account name should be anonymized when initiating a purge. By default this checkbox will be set. Customers who do not wish to anonymize the Account Name field when purging an account can uncheck this checkbox, in which case the account name will not be anonymized during the purge.
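The purge rules described above (cancelled accounts only, no second purge, the listed PII fields anonymized, the account name anonymized only when the configuration checkbox is set, usage records left alone) as an added illustrative model. This is example code, not EngageIP's own implementation; the Status enum, field names, the "ANONYMIZED" replacement value and the sample account are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    ACTIVE = "active"
    CANCELLED = "cancelled"
    PURGED = "purged"  # the new back-end status for purged accounts


# Account-level fields the page lists as anonymized by the purge (names assumed).
PII_FIELDS = ("name", "street_address", "state", "country", "email", "phone",
              "date_of_birth", "bank_account", "credit_card_number", "ach_number",
              "drivers_license_number", "vat", "role", "language", "postal_code",
              "consent")
ANONYMIZED = "ANONYMIZED"  # assumed placeholder; the page does not specify the value


class PurgeError(Exception):
    pass


@dataclass
class Account:
    account_name: str
    status: Status
    pii: dict                                        # field name -> value
    usage_records: list = field(default_factory=list)  # UDRs: out of scope for purge


def purge_account(acct: Account, anonymize_account_name: bool = True) -> Account:
    """Purge one account, enforcing the preconditions stated in the text."""
    if acct.status is Status.PURGED:
        raise PurgeError("Account has already been purged")      # a purge is final
    if acct.status is not Status.CANCELLED:
        raise PurgeError("The account must be first cancelled prior to initiating a purge")
    for key in PII_FIELDS:
        if key in acct.pii:
            acct.pii[key] = ANONYMIZED
    if anonymize_account_name:                # the configuration checkbox
        acct.account_name = ANONYMIZED
    acct.status = Status.PURGED
    return acct


def try_purge(acct: Account, anonymize_account_name: bool = True):
    """Return the rejection message if the purge is refused, else None."""
    try:
        purge_account(acct, anonymize_account_name)
        return None
    except PurgeError as err:
        return str(err)
```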

Configuration Option to Purge Account Name

Consent Tracking

EngageIP is considered a processor from a GDPR perspective. It is the end customer that needs to obtain consent for the collection and use of data. The end customer provides implicit agreement for this in their legal documentation.

Hosted pages and payment proxy iFrames need to present a dialog during the save operation that records consent to the collection of data in compliance with GDPR. During the save process, the dialog will prompt with the following text.

"By clicking 'Accept' you consent to the collection and storage of personal data in compliance with regulatory standards including GDPR, SOC and PCI. If you are entering this data on behalf of the end customer, you have explicitly obtained their consent"

Displaying the dialog should be a configurable option, so that the customer can choose whether or not to show it.

The account creation screen will have an optional checkbox to provide the ability to track consent for PII Data. This is unchecked by default.

The administrator will need to explicitly check this box to record consent when configuring a new account. The consent status will be tracked on the account profile report.

PII data may sometimes be contained within profile questions and answers. The system will provide the ability to track consent for entering PII data within profile questions and answers.