Config Option: GDPR Contact Data Access or Data Removal Request

Understand the config option for actioning a Contacts instruction for a copy of their data or to be deleted.

 

Feature Overview

Under GDPR legislation, a contact may request to a consultant for either a copy of the data you hold on them, or to have their data removed from Mercury.  To action either of these, there are 2 buttons on the ribbon that can be used, “Data Request” and “Data Removal Request”.  Clicking these buttons will 

  1. Log the date and time of the request in the relevant fields on the Contact Further Information tab
  2. Set a ‘Due’ date by which the request must be actioned which is a configurable number of days after the request date
  3. Send an email to the Contact confirming the request has been received
  4. Log a Data Consent Change activity on the Timeline of the Contact
  5. Add the Contact to the ‘Data Protection’ Dashboard to be action by your DPO (Data Protection Officer)

 

In addition to this functionality in the Mercury core product there are 3 Automations that can be enabled for use by your DPO;

  1. 'Data Consent Change Notification' - This will send a notification to a specified Teams Channel, of which your DPO(s) are members.
  2. ‘Data Subject Request’ - This will export the data held on the Contact to a Word Document.
  3. ‘Anonymise’ - This will replace all personally identifiable information on the contact with ‘xxxxx’.

 

More information can be found at the following links

Adding a Data Request to a Contact

General Data Protection Regulation (GDPR)

Purpose

Ensure that your company is able to comply quickly and effectively with GDPR.

Defaults and Considerations

The Due date is set 21 days after the requested date for both Removal and Data requests. 

 

The confirmation emails will be sent with the following wording:

 

  Subject : Confirmation of Data Removal Request

  Body: 

Hi {FirstName},

We have received your Data Removal Request.

Your data will be removed in due course.

Regards

 

  Subject : Confirmation of Data Access Request

 Body:

Hi {FirstName},

We have received your Data Access request.

Your data will be sent to you in due course.

Regards

 

DPO permissions to access the Dashboard will be granted to your Mercury Administrators.

To Enable or Amend this Feature

This feature will be enabled as standard as per the defaults above.  Should you wish to make any amendments please provide the following details to your Mercury Product Consultant;

  • Amended calculation of days from request date to due date.  These can be different for Data Access requests and Data Removal requests
  • Amendments to the wording of the emails that go out
  • List of additional users that require access to the DPO dashboard

The automations will not be implemented during project but can be requested from your CSM after your hypercare period.