Due to the upcoming General Data Protection Regulation (GDPR), we have done a couple of changes to make it easier for you as customer to be compliant:
- We have added a new function for requesting users consent. This is only relevant if you have users in system where you do not have any other legal basis for data handling, for example external users. Users that should be covered with this consent need to belong to a group with a setting activated (Require consent to GDPR). Any user that belongs to a group with this setting enabled will automatically be prompted next time the log in. They will not be able to use the system unless the accept the terms. If they answer No, their account will be inactivated, and they will be logged out automatically. If they answer Yes, system works as normal. As administrator, you can use the user search page to find users that has not given consent, for example if you want to send them an e-mail with a link to the portal.
- We have added a function that automatically inactivates user that has not been logged in to portal for a configurable amount of time. Contact Netcompetence if you want to activate this function.
- We have added a new page with information about GDPR. The purpose of this page is to give your users information about your data handling policy. It also gives the users possibility to request to
1. get incorrect information about them corrected,
2. get data about them extracted
3. be removed from system.
All requests will be automatically sent to the data processing officer in your organisation.
This page is fully customizable so we encourage all of you to change the information according to your policies.
- We have added a system setting that should contain information about who is the data protection officer (DPO) in your organisation. This information must be provided, so that the other gdpr-functionality will work. The name and e-mail address of the DPO will be presented on the new GDPR-information page and also on the page where users are prompted to give consent to dataprocessing. It is the DPO that will receive e-mails on requests made from the new GDPR information page.
- Thanks to GDPR-requirements, we have made it possible for users to see who have opened meetings about them. Previously the log was only available for the administrator and the manager the user had the meeting with. Now there is a new button added in the meeting page so that user themself can see the opening log.
- We have made it more clear whom a meeting is about, and who the meeting is with. It is important from a GDPR's point of view that there is no doubt about this. We have also changed the meeting list that previously mixed meeting about me and with me into 2 separate lists. With this change we also prevent people that have access to see meetings about you to not automatically see meetings that you've had with others.
- From now on, generated meetings will be locked for other than the user who was intended for the meeting. This is due to GDPR. For example, if a manager have a meeting with an employee, and that employee get a new manager, the new manager will by default not be able to see the meeting with the previous manager. To enable this, the meeting needs to be manually unlocked.