GDPR Compliance Enhancements
The European Union General Data Protection Requirements (GDPR, 2016/679) becomes enforceable on 25 May 2018. We've been working hard behind the scenes to ensure that enhancements to SMARTABASE that support the GDPR requirements are in place.
What is GDPR?
The GDPR addresses the protection of data belonging to European Union residents by extending the scope of EU data protection law to include foreign companies who process this data. Companies must not process EU residents’ personal data unless there is a lawful basis to do so. Additionally, all EU residents must be fully informed regarding the data handling/processing Terms of Service and give specific consent for one or more specific purposes.
What are the changes to SMARTABASE?
The new laws require amendments to our current legal documentation with all EU customers as well as an update to Fusion Sport Terms of Service on our platform which all users must accept before using the software (post May 2018).
SMARTABASE sites that deal with personal data belonging to EU residents should now require those users’ consent to personal data processing. Because consent must be explicit with regard to the nature of the data collected and its purpose, each organisation is required to tailor its own Terms of Service for its SMARTABASE site, as data use and handling varies on a site-by-site basis and is under the control and design of the organisation.
As a result, organisations must have their own Terms of Service, which can be applied by user / Role in their SMARTABASE site. To meet this requirement and to ensure SMARTABASE is able to be GDPR compliant, we have added:
- A feature to turn on ‘Requires Terms Acceptance’
- An admin tool to accept editable Terms of Service by Role, with built-in archiving and a trackable audit trail of users’ acceptance(s) (data audit logs)
- A customisable consent process to SMARTABASE’s login procedure for users
The following document outlines how to:
- Enable the new consent workflow on the Builder Interface
- Set up one or more consent documents (Terms Document) on the Admin Interface
- Apply a Terms Document to a Role on the Admin Interface
- See how it appears on SMARTABASE
- Archive Terms Documents and ensure you have a live Terms Document set up correctly.
STEP 1: Create a Terms Document with SMARTABASE's Terms Document Module, contained in the Administration Interface
When this module is opened, a list of any existing Terms Documents will appear to be viewed or edited.
To create a new Terms Document, click on Create new Terms Document.
The Name and Description need to be clearly labelled. Note that the Name and Description fields do NOT appear on the actual consent page on SMARTABASE; they only appear in the Terms Document list as seen here.
The Name field is used when assigning a particular terms document to a user's Role, so it needs to be clearly identifiable.
Each Terms Document should include in its description when it was created to ensure that its use can be tracked.
The Terms text area is where you paste the actual terms that will appear (this needs to be formatted in HTML).
Please access the following link for an example and utilise the template provided to ensure the use of supported HTML tags.
When adding a new terms document, DO NOT tick the Archived checkbox. This function should only be used when a terms document is retired (see below).
A terms document cannot be edited once it has been saved, so do not click the Save button unless the terms are complete and correct.
Because each Terms Document is a legally binding agreement, it cannot be changed once it is uploaded. This means that as SOON as you click on Save, the terms will be locked. The text will NOT be editable again and you CANNOT delete terms either!
Note that a Terms Document, once saved, must also be assigned to a Role to become useable during the login process.
When a Terms Document has been finalised and saved, you are able to assign it to a Role.
For this example, we are assigning the Terms Document to an Athlete Role. Note that in this example, this Role already has a Terms Document assigned to it, as the user needs to consent to the standard terms AND also this new Terms Document specifically developed for athletes (as highlighted in the image in the steps below).
A Terms Document can be assigned to multiple Roles. If a user has multiple Roles with the same Terms Document assigned, they will ONLY have to consent to the terms once.
Multiple Terms Documents can be applied to a single Role (as shown here). This means that when a user logs in, any new and/or unsigned documents will appear for consenting.
STEP 2: Activate Terms Module
WARNING: Before this functionality is enabled, it is necessary to create Terms Document/s.
STEP 3: Check and test end user login
When a user with a Terms Document assigned to their Role logs in, they will need to read and accept these terms.
As a user logs in, the Terms page will appear and display any Terms Documents for which the user has not yet given consent. Each Terms Document is displayed on its own screen and must be consented to separately.
For this example, as there is more than one Terms Document, as soon as the first one (above) is accepted, the next (shown below) will appear automatically.
WARNING: A user will NOT be able to log in if there are no Terms available for their consent. User log-in will be prevented if the Terms Module has been enabled on the Builder Interface but no Terms Document has been set up yet. This will also happen when a Terms Document has not been applied to a user’s Role, or if a Terms Document has been archived (with no live replacement added). Users must be able to consent to a live Terms Document in order to log in and use SMARTABASE.
To avoid this, you must assign a live (non-archived) Terms Document to each Role.
Here, a Terms Document has been assigned to this athlete’s Role so that the athlete, who could not log in previously, can consent and log in.
Now, the user can consent to the Terms and log in.
STEP 4: ARCHIVING A TERMS DOCUMENT
Terms documents cannot be edited or deleted, so when a particular terms document needs to be replaced or revised, it is necessary to archive the old terms document and replace it. Replacing or revising terms means users with that Role must consent to the new or updated terms.
Using the Archived checkbox for a Terms Document retains the link between the terms document and any Roles it was assigned to, but means that this terms document will no longer be useable.
Archiving is an important feature: a Terms Document should only be archived when a replacement has been finalised. This can be a complete replacement or revision of existing terms (as a new Terms Document).
Archiving keeps the old Terms Document for auditing purposes.
The SMARTABASE audit trail module tracks which users consent to each Terms Document and when this occurred. This information is tracked by SMARTABASE but is not currently visible to end users.
Note that for any Role/s that have had a Terms Document archived, any users subsequently added to that Role will NOT have to (or be able to) accept archived terms documents; they simply won't appear.
Make an Archived Terms Document live again
A Terms Document may be re-enabled for use by unticking the Archived checkbox. This effectively means that any users who have already given consent to this specific Terms Document do not have to re-consent. Instead, it will only appear on login for any users in the assigned Role/s who have not given consent to this specific Terms Document.
If your organisation uses SMARTABASE’s registration feature, PLEASE ensure any default Roles have a Terms Document assigned. If this is NOT set up, newly registered users will not be able to log in.
The example here shows a new user registering.
Once the user clicks Register, the site automatically returns the user to the login screen.
The user needs to enter their new login details (username and password) and then follow the login process. Once Login is selected, the appropriate Terms and Conditions will appear for the newly registered user to consent to.
N.B. If no terms are assigned to the default Role (set up as part of the registration process), the user will NOT be able to log in.
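The rules above (one live Terms Document per Role, archived documents never shown, consent asked once per document) can be checked on paper before the Terms Module is enabled. The following is an added example, not SMARTABASE code: it models those rules over a hand-transcribed list of Roles and Terms Documents, and every name and data value in it is constructed for illustration.

```python
# Added example: a model of the Terms Document rules described on this page.
# Function names and sample data are assumptions, not a SMARTABASE API.

# Terms Document name -> archived flag (constructed sample data)
DOCS = {
    "Standard Terms 2018-05": False,
    "Athlete Terms 2018-05": False,
    "Coach Terms 2017": True,   # archived, no live replacement yet
}

# Role -> Terms Documents assigned to it (constructed sample data)
ROLE_TERMS = {
    "Athlete": ["Standard Terms 2018-05", "Athlete Terms 2018-05"],
    "Coach": ["Coach Terms 2017"],
    "Registered User": [],      # default registration Role, nothing assigned
    "Physio": ["Standard Terms 2018-05"],
}


def live_terms(role, role_terms=ROLE_TERMS, docs=DOCS):
    """Non-archived Terms Documents assigned to a Role, in assignment order."""
    return [d for d in role_terms.get(role, []) if not docs[d]]


def roles_without_live_terms(role_terms=ROLE_TERMS, docs=DOCS):
    """Roles with no live Terms Document: the lockout condition in the WARNING."""
    return sorted(r for r in role_terms if not live_terms(r, role_terms, docs))


def pending_terms(user_roles, consented, role_terms=ROLE_TERMS, docs=DOCS):
    """Live documents a user still has to accept at login, each listed once."""
    pending = []
    for role in user_roles:
        for doc in live_terms(role, role_terms, docs):
            # Same document on several Roles is only consented to once.
            if doc not in consented and doc not in pending:
                pending.append(doc)
    return pending


if __name__ == "__main__":
    print("Roles at risk of lockout:", roles_without_live_terms())
    print("Athlete + Physio, nothing accepted yet:",
          pending_terms(["Athlete", "Physio"], set()))
```

Any Role returned by roles_without_live_terms() needs a live Terms Document assigned before the module is switched on.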