GDPR features
This document describes how Autowork Online satisfies General Data Protection Regulation (GDPR) requirements being introduced on May 25th 2018. In particular, it addresses the requirement for consent, and the right to be forgotten.
Specifically, for Autowork Online, this relates to the customer contact preferences and the fact that customers must now have to opt in to receiving communications, rather than providing them with an opportunity to opt out.
To assist in achieving this, new customers will be created with a default set of preferences, which can be defined on a per-tenant basis.
In User Options & Settings, the following panel can now be found, displaying the new default values:
Note that when upgrading to this software version, for UK systems these values will all to default to “off” (unchecked), and for others these values will all default to “on” (checked). The defaults can be changed as the example above demonstrates.
Each new customer that is added to the system will automatically be given the preferences as set via User Options & Settings.
As before, it is possible to check or uncheck the options based on the individual customer’s preferences.
The options can be found on the customer record, and also on the customer Contact Details popup.
If a customer does not have any contact preferences set, this is now indicated by an icon displayed next to the customer name:
Customers have the right to have their personal details removed or redacted from stored data.
Records cannot simply be removed since they may be related to others, and those related records may be needed to be retained for finance purposes or reporting, for example. For this reason, when a customer requests to have their personal details removed from the system, those details will instead be redacted by being overwritten.
This process will be referred to as “being forgotten”.
It should be noted that this is a UK only feature, and a customer cannot be “forgotten” if there is an outstanding balance on their account, or if they have invoices or credit notes that are less than 7 years old.
A customer can only be forgotten by using the Customer Database page. This allows access to the feature to be controlled by a password.
To forget a customer, it is necessary to first find the customer record.
A new action button, Forget Customer, has been added to the Customer Database page:
Note that the ‘CASH’ customer cannot be forgotten:
When the Forget Customer action button is clicked, the currently displayed account is checked to determine if it can actually be forgotten or not.
If a customer has an outstanding balance, the following message is displayed:
In many cases the following message is likely to be displayed (based on the assumption that their invoice records will often be less than 7 years old):
If a customer can be forgotten, a warning is displayed:
If the Forget button is clicked, the customer will be forgotten and the following confirmation is message displayed:
Below is an example of a customer record prior to be forgotten, and the same customer after being forgotten.
