Changes

Data Protection and Data Retention

33 bytes removed, 14:18, 12 July 2014
no edit summary
bxp software (bxp) makes it easy for you to retain data securely and have it accessible through the Internet. It is, however, important to always remember that if you are storing personal information about a person (customer or potential customer, member, staff, student, patient), what data you're storing and why you're storing it falls under Data Protection, and you (not All n One) have to ensure you are compliant with local Data Protection laws.
That said, All n One and bxp can help greatly with your management responsibilities.
Ireland is one of the leading countries in setting data protection law. All n One is an Irish company with all of its operations and infrastructure based in Ireland managed by Irish companies. For location reasons we must be compliant with Irish law and as an organisation we want to comply with the strongest legislation available.
All n One also advises you to register your organisation with your local data protection commissioner.
As a result of those conversations you will need to develop a "data retention protection policy" for your organisation. This will spell out your data retention requirements.
Customer data of active customers is perfectly legitimate to retain. Just focus on what constitutes "active".
Data of former customers will have a retention period applied. Local law will dictate what is required and where.
Potential customers may ask for their data to be removed but there is no pressure on the organisation to remove data.
For example: I have a bunch of mobile numbers and I'd like to text them all. You must first categorise them, ensure you have permission and then carefully word the message to allow opt out. Failure to do so can result in €3,000 per contact, up to a maximum fine of €100,000.
** bxp provides secure storage. Please review X for more details on our facilities and approaches to security of your data.
* Appoint a person internal to the organisation to be responsible for data protection matters (DPO: Data Protection Officer)
* Ensure the DPO is trained formally according to jurisdictional laws and on an ongoing basis
* Have an organisation statement on data retention and management, which is recognised by all staff and suppliers interacting with the data
** The "Information Centre" module allows you to post notices on the equivalent of an internal noticeboard and track who has confirmed reading the message.
** The "eCourse" module allows for training courses to be built internally, and then provided to staff. The "Testing Centre" module allows for confirmation of the learning.
* Have operational policies and procedures on how the data is managed
** "eCourse" will allow for documentation of policy and procedures and audit access by staff to ensure reading and retention
** The "MetaData" module allows for procedures to be built to clean and tidy data. When tied into the scheduling engine of bxp the data protection process can be automated.
* Have quality control checks to ensure policies are being followed
If no flag is easily identifiable on the data in the form there is a process which can be applied.
* Add a flag field to the form; usually a text box will suffice.
* Run a report to Excel of all the potential data. Ensure that the CDA Id is one of the columns in the report.
* In the Excel file, update the flag field with a code or word to group / categorise the data to be deleted.
''Main Menu > Form - Form and Data Deletion > Data Deletion - Data Protection - Remove records older than selected data > Choose the form > Choose the date''
So if no email, SMS or any other type of contact (i.e. a CCL record) has been stored within the selected time window, the record and all contact with it will be removed.
Unlike "Data manipulation via Outcomes", JavaScript can be used in the client browser to manipulate data before it is ever sent to bxp. This level of manipulation usually allows for Credit Card details and the like to be wiped / modified before they are ever transmitted.
The JavaScript rules can be put in place at a form, field or outcome level.
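The client-side wiping described above, as an added example that is not bxp's own code: it masks payment card numbers in field values before they are sent, using a Luhn check so that phone numbers and order references are left alone. The function names are assumptions, and how the result is attached to a bxp form, field or outcome rule is not shown here.

```javascript
// Added example: mask payment card numbers in text before it is submitted.
// luhnValid, redactCardNumbers and maskFormValues are hypothetical names,
// not part of any bxp API.

// Luhn checksum: true when the digit string passes the card check-digit test.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Replace every Luhn-valid run of 13-19 digits (a single space or dash is
// allowed between digits) with asterisks, keeping only the last four digits.
function redactCardNumbers(text) {
  const candidate = /\d(?:[ -]?\d){12,18}/g;
  return String(text).replace(candidate, (match) => {
    const digits = match.replace(/[ -]/g, "");
    if (!luhnValid(digits)) return match; // e.g. an order reference
    return "*".repeat(digits.length - 4) + digits.slice(-4);
  });
}

// Apply the redaction to a plain object of field name -> value, as would be
// collected from a form just before it is sent.
function maskFormValues(fields) {
  const out = {};
  for (const [name, value] of Object.entries(fields)) {
    out[name] = typeof value === "string" ? redactCardNumbers(value) : value;
  }
  return out;
}

// Constructed sample input; 4111 1111 1111 1111 is a widely used test number.
const sample = {
  notes: "Customer read out 4111 1111 1111 1111 during the call",
  phone: "0871234567",
  orderRef: "1234567890123456",
};
console.log(maskFormValues(sample));
```

Masking in the browser limits what reaches storage, but it runs on the user's machine, so a server-side check is still needed where card data must never be retained.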
Using the MetaData module it is possible to build a rule set that modifies data and is executed on a scheduled basis. For example: every day, wipe records that have not been interacted with in more than 6 months.