ClearVantage Online (Version 1.24.00 released May 24th, 2018):
- ClearVantage Online contains two significant new features to assist with GDPR compliance.
- GDPR Component: Data Subject Rights – Right to Portability. Under the GDPR, data subjects have the right to receive their data in “machine readable format.” There are no specific details beyond this, although it is generally considered that a CSV (comma delimited text file) is sufficient to meet this need. However, as the data in ClearVantage about people is “nested” (e.g., a person’s profile will have main profile info and then have multiple records for dues, invoices, address history, etc.), Euclid has taken the market leading position of providing this Data Subject data in JSON format, which is one of the most widely used formats today.
Exporting a Data Subject’s data is performed from the individual profile in CV Online. There is a new activity button labeled "GDPR Export" (it must be laid out in the form using Edit Layout). When that button is clicked, it creates a JSON packet with all of ClearVantage’s data about that individual. That data packet is downloaded to the CV Online user’s machine. This file can then be emailed to the Data Subject that has requested this data.
- GDPR Component: Explicit Consent. This feature allows staff users to view and edit the Opt-Ins and Opt-Outs. Please see ClearVantage GDPR Compliance Volume 1 to read about Explicit Consent, and to see how members/customers can manage their Opt-Ins and Opt-Outs online.
ClearVantage Office/Desktop Release 9.2.11 (June 6th release):
- GDPR Component: Data Subject Rights – Right to Erasure. This right is commonly referred to as the “right to be forgotten.” This is a complex requirement to understand and to support, as many factors must be considered (including regulatory and compliance obligations). For example, in the US, the IRS requires that accurate financial records (e.g., sources of revenue) be maintained for 7 years, while Germany requires file maintenance for 10 years. Furthermore, organizations have rights to data for accurate record keeping purposes, e.g., to keep accurate lists of event attendees. ClearVantage has been updated to take into account these competing demands. We’ve created a process that is GDPR compliant, and that balances organizational compliance and record keeping needs. Note that this new functionality requires that you have the 9.2.11 release, and that your system has been configured to support this new process. As each organization’s compliance and record keeping rules may vary, rules configuration must be performed via reference table updates.
- When an individual’s record is deleted in ClearVantage, the system will apply the appropriate logic and will walk the user through one of the following three scenarios:
  - The record can be deleted. If the person is not an active member or customer, and there is no transactional or important historical data attached to the individual’s record, then the user will be informed that the record can be deleted. After the user confirms the deletion, the record will be permanently deleted. For example, a prospect that only has address changes in his or her history may fall into this category. The rules are determined by the configuration. Default configuration allows the individual record to be deleted if the historical data contains only addresses, education, and marketing campaign participation.
  - The record cannot be deleted, and it cannot be anonymized. This occurs when the individual’s record or the transactional history cannot be deleted or anonymized due to compliance or organizational record keeping requirements. For example, this is the case if an individual has financial transactions that are less than 7 or 10 years old (generally 10 is the longest required – Germany has the longest required retention period). In this scenario, the user will be informed that the record cannot be deleted or anonymized. ClearVantage will tell the user when the record can be anonymized, and the user can then create an action item to do so on the specified date.
  - The record can be anonymized. In this case, the individual has transactional data, but the transaction dates are outside of the required retention periods. In this instance, the person’s record will be anonymized down to the postal code, state and country level. This level of anonymization is sufficient to meet GDPR compliance, while also retaining records for reconciliation and reporting purposes. For example, you can still see member counts by state over a historical period for trend analysis, and your financial reports will still tie up because financial data was anonymized instead of deleted.
- GDPR Component: Explicit Consent. This feature allows staff users to view and edit the Opt-Ins and Opt-Outs. Please see ClearVantage GDPR Compliance Volume 1 to read about Explicit Consent, and to see how members/customers can manage their Opt-Ins and Opt-Outs online.
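
The three Right to Erasure scenarios described above (delete, retain, anonymize) can be sketched as a single decision function. This is an added example, not ClearVantage code: the record layout, the names `erasure_decision`, `DELETABLE_HISTORY` and `KEPT_FIELDS`, the single retention period applied to all non-deletable history, and the handling of active members are assumptions.

```python
from datetime import date

# Assumed stand-ins for the reference-table configuration (hypothetical names).
DELETABLE_HISTORY = {"address", "education", "marketing_campaign"}  # default per the page
KEPT_FIELDS = ("postal_code", "state", "country")  # what anonymization leaves


def add_years(d, years):
    """Same calendar day `years` later; Feb 29 falls back to Feb 28."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def erasure_decision(person, today, retention_years=7):
    """Return (scenario, detail) for a deletion request.

    'delete'    -> detail is None
    'retain'    -> detail is the date anonymization becomes possible
    'anonymize' -> detail is the reduced profile
    """
    blocking = [h for h in person["history"] if h["type"] not in DELETABLE_HISTORY]
    if person["active"]:
        # Assumption: the page does not cover active members; keep them as-is.
        return "retain", None
    if not blocking:
        return "delete", None
    # Retention runs from the most recent record that must be kept.
    release = add_years(max(h["date"] for h in blocking), retention_years)
    if today < release:
        return "retain", release
    reduced = {k: person["profile"].get(k) for k in KEPT_FIELDS}
    return "anonymize", reduced


# Constructed sample records, not real data.
TODAY = date(2018, 6, 6)
PROSPECT = {"active": False, "profile": {"name": "A. Example"},
            "history": [{"type": "address", "date": date(2017, 5, 1)}]}
MEMBER = {"active": False,
          "profile": {"name": "B. Example", "email": "b@example.org",
                      "postal_code": "10115", "state": "BE", "country": "DE"},
          "history": [{"type": "invoice", "date": date(2009, 1, 15)}]}

if __name__ == "__main__":
    print(erasure_decision(PROSPECT, TODAY))
    print(erasure_decision(MEMBER, TODAY, retention_years=7))
    print(erasure_decision(MEMBER, TODAY, retention_years=10))
```

The same record lands in different scenarios under a 7-year and a 10-year retention period, which is why the page ties the rules to per-organization configuration.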
ClearVantage Reports (apply to both CV Online and ClearVantage Office):
- GDPR Component: Information You Hold. There is a new report in ClearVantage Marketplace under the GDPR section called “GDPR – Information You Hold.” This report goes through your entire ClearVantage database, and it lists the information you hold on individuals in each data table and data field. This provides a good starting point for taking an inventory of and documenting the personal data that your organization has in its records. This only applies to data stored in ClearVantage. In order to fully meet this specific GDPR requirement, you must do an inventory across all of your systems and data.
- GDPR Component: Right to Access. Under the GDPR, a Data Subject has the right to see the data that you have on file for him or her. There is a new report available called “GDPR – Right To Access.” It is not available in ClearVantage Marketplace because it requires some basic configuration, e.g., what data entities and fields to include in the report. There may be data that the organization holds, such as internal notes, that you do not want to share, nor do you have an obligation to share that information; hence, configuration is required. This report provides similar data to that provided in the “Right To Portability” functionality in CV Online. However, this report can be printed or saved as a PDF, and it can be sent to the Data Subject that requests to know what personal data you have on file for him or her. Note that if your website is powered by ClearVantage, and you have a robust member portal (e.g., shows committee history, event history, transaction history, profile data, etc.), your member portal may already meet the “Right To Access” requirement, and you will not need this report.
ClearVantage Connect: