Within Mercury we have tools to help your business manage General Data Protection Regulation, known more commonly as GDPR.
Data Consent
If you need to capture that data consent has been given, we have a feature on the Contact record where this information can be logged.
Go to the Related tab.
Select Data Consents:
Consent Purposes can be created in the system to fit your requirements.
As a default, the system will enter in a Consent Expiry date of 15 months later. This default can be manually changed, deleted or the default can be altered on request.
A dashboard could be built in order to see a list of consents that are due to expire.
Once the record is saved, the following field appears:
If the contact has withdrawn their consent, it is likely that you will be removing them from the system.
Data Removal Request
On the toolbar of the contact record, there is the following icon:
Click the icon, and the following Quick Create appears:
When this is completed, it will update the fields on the Further Information tab for auditing purposes.
When first joining Mercury, at project stage, there would have been the option to set up an automated email to be sent to the contact when the Data Removal button is used. It may be worth asking if this has been set up. If it has not and it is something that would be useful, please ask your System Administration/Mercury contact to liaise with your Customer Success Manager (CSM) at Mercury.
Data Request
This works in the same way as the Data Removal Request:
The following is already filled in but can be amended:
The following is updated on the Further Information tab:
As with the Data Removal Request, this may have or could have an automated email sent to the contact when used.
Managing Data Removals and Data Requests
To manage such requests, there is a Data Protection dashboard. This dashboard will only be visible to users who have been appointed as Data Protection Officers (internally). They will be given a security role which allows them to view this dashboard under the list of Standard System dashboards.
As seen above, it will display all the requests in the dashboard.
The DPO (Data Protection Officer) will then work through and once a contacts data has been issued or data has been removed, go to the Further Information tab on the Contact record and complete the Data Removed or Data Request Provided field. This will then remove the entry from the dashboard.