UNDER CONSTRUCTION

If a candidate requests a copy of the information held in the database about them, it is possible to obtain this information by clicking the Data Access Report button on the Person record. The information is displayed in pdf format.

The report GDPR.rtm needs to be saved in the Reports folder.

This report delivers just one candidate’s information.

Note the request for this information is audited.

Once the pdf is displayed it will be necessary to review the report for instances where information needs to be redacted or individual pages removed. (e.g. where information disclosure might affect another person’s right to privacy.) The redaction process is the same process as redacting compliance documents.

Some files may not be suitable for inclusion in the pdf and will be attached to the email when sent to the candidate. It is strongly recommended that each file is reviewed before despatched to the candidate. Clicking email will send the report to the email address held in the candidate record. Therefore, it will be important to ensure this email address is correct.

It is also possible to print the report and sent it to the candidate by mail.

Two emails are sent to the candidate one will be the report and the second will be the password to gain access to the report pdf.

Warning! This is irreversible and will be audited

After receiving and considering a request from a candidate to be forgotten or for their details to be removed the Data Management button on the Person Selector and Person record can be used to modify a candidate’s record.

The Anonymise button anonymises all personal data in the selected record.

Remove Contact Events, Documents, Compliance Documents, CV, Photo, Progress/Shortlist, Availability/Holiday, Contact Details for the selected record.
Remove Contact Events Before Date - Removes Contact Events in the selected record before a set date. Note it needs the Remove Contact events button ticked.

Delete All (if no shifts and placements) - Removes All, if no shifts and placements are saved against the Person record.

The Candidate’s audit trail will also be deleted. The candidate record title will be changed to the candidate’s personid.

{{:2-17-10-l.png|}}

{{:2-17-10-m.png|}}

There may be areas where personal details may be stored on the person record and placement records, where they exist.

It is recommended that these locations like Person – Notes are manually reviewed at the same time as anonymising to ensure the maximum possible anonymising of data.

In preparation for the implementation of the GDPR regulations we have been working toward limiting casual access to personal data.

Complete bank account numbers can be obscured. Users will be able to see the last four digits of the account number for confirmation purposes.

To set up access the Data Access Report and Data Management buttons the user needs to have the ‘Can use GDPR functionality’ role set up in Maintenance – User – Roles.

The report GDPR.rtm needs to be in the Reports folder. Please contact IQX for a copy of this report.

A report request is logged in Database Diagnostics- Audit trail.

The report pulls information from Person and Pay_employee tables.

Warning – the delete and anonymising features will make recovery of accidentally anonymised/deleted information difficult and in some cases expensive to recover.

Setting up access for the Data Management button is via a specific GDPR user role.

Use of this button and any actions in the subsequent view are audited and logged.

To check logging insert

select * from datamanagementlog order by whenentered

into SQLTool.

To obscure bank account numbers go to Maintenance – General Settings – Privacy – Star start of Bank Account Number and set the values to ‘Y’.