Config Option: GDPR Contact Data Request or Data Removal

Understand the config option for actioning a Contacts instruction for a copy of their data or to be deleted.

 

Feature Overview

Under GDPR legislation, a contact may request to a consultant for either a copy of the data you hold on them, or to have their data removed from Mercury.  To action either of these, there are 2 buttons on the ribbon that can be used, “Data Request” and “Data Removal Request”.  Clicking these buttons will 

  1. Log the date and time of the request in the relevant fields on the Contact Further Information tab
  2. Set a ‘Due’ date by which the request must be actioned which is a configurable number of days after the request date
  3. Send an email to the Contact confirming the request has been received
  4. Log a Data Consent Change activity on the Timeline of the Contact
  5. Add the Contact to the ‘Data Protection’ Dashboard to be action by your DPO (Data Protection Officer)

 

In addition to this functionality in the Mercury core product there are 3 Automations that can be enabled for use by your DPO;

  1. 'Data Consent Notification' - This can message a specified Teams Channel of which your DPO(s) are members of.
  2. ‘Data Subject Request’ - This will export the data held on the Contact to a Word Document.
  3. ‘Anonymise’ - This will replace all personally identifyable information on the contact with ‘xxxxx’.

 

More information can be found at the following links

Adding a Data Request to a Contact

General Data Protection Regulation (GDPR)

Purpose

Ensure that your company is able to comply quickly and effectively with GDPR.

Defaults and Considerations

The Due date is set 21 days after the requested date for both Removal and Data requests. 

 

The confirmation emails will be sent with the following wording

  Subject : Confirmation of Data Removal Request

  Body: 

Hi {FirstName},

We have received your Data Removal Request.

Your data will be removed in due course.

Regards

 

  Subject : Confirmation of Data Request

 Body:

Hi {FirstName},

We have received your Data Request.

Your data will be sent to you in due course.

Regards

 

DPO permissions for access to update the fields  will be granted to your Mercury Administrators

 

The automations will not be implemented during project but can be requested from your CSM after your hypercare period.

To Enable or Amend this Feature

This feature will be enabled as standard as per the defaults above.  Should you wish to make any amendments please provide the following details to your Mercury Product Consultant;

  • Amended calculation of days from request date to due date.  These can be different for Data requests and Data Removal requests
  • Amendments to the wording of the emails that go out
  • List of additional users that require the DPO permissions