We have created a number of tools to assist you in dealing with GDPR requests. The tools are only available to those who have been given the relevant user role, if you are unable to see the buttons then please speak to your System Administrator.

If a candidate requests a copy of the information held in the database about them, it is possible to obtain this information by clicking the Data Access Report on the GDPR button menu on the Person record. The information is displayed in pdf format.

Once the pdf is displayed it will be necessary to review the report for instances where information needs to be redacted or individual pages removed. (e.g. where information disclosure might affect another person’s right to privacy.) The redaction process is the same process as redacting compliance documents.

Some files may not be suitable for inclusion in the pdf and will be attached to the email when sent to the candidate. It is strongly recommended that each file is reviewed before despatched to the candidate. Clicking email will send the report to the email address held in the candidate record. Therefore, it will be important to ensure this email address is correct.

Two emails are sent to the candidate one will be the report and the second will be the password to gain access to the report pdf.

It is also possible to save and print the report to send to the candidate by post.

A contact event can be created to record when a Data Access Report is either emailed, saved or printed. These Contact Event will be saved in Person Contact Events.

Where a Data Access Report is sent electronically and provided a GDPR Contact event has been set up the pdf password will be saved in a Contact Event.

Warning! This is irreversible and will be audited

After receiving and considering a request from a candidate to be forgotten or for their details to be removed the GDPR - Data Management drop down on the Person
Record and in the Data Access Report view can be used to modify a candidate’s record.

The Anonymise option anonymises all personal data in the selected record. The candidate record title will be changed to the candidate’s personid.

There may be areas where personal details may be stored in text on the person record and placement records. It is recommended that these locations like
Person – Notes are manually reviewed at the same time to ensure the maximum possible anonymising takes place.

The Candidate’s audit trail will also be deleted.

In preparation for the implementation of the GDPR regulations we have been working toward limiting casual access to personal data.

Complete bank account numbers can be obscured. Users will be able to see the last four digits of the account number for confirmation purposes.

A new field is available when adding documents which allows the setting of a deletion date for that document. For example when a certification has expired.

Running the PurgeDocuments.xml from your XML folder will delete documents with a deletion date prior to the current date.

Deletion dates can be specified for documents already added to the database as well as new documents.