General Data Protection

Navigation:  »No topics above this level«

General Data Protection

 Previous pageReturn to chapter overviewNext page

 

CleanLink Site Manager helps you with your GDPR compliance by providing the following functionality:

 

1. Enabling you to record against each staff record your lawful basis for processing their personal data.

2. The ability to record and monitor when staff have exercised any of their key rights under GDPR, (such as the right of access, right to be forgotten, etc),

3. Control whether a staff member's personal data is made available on the CleanLink Mobile App, and/or CleanLink Portal.

4. Control when a staff member's personal data is erased from all of CleanLink's products.

 

Recording the Lawful Basis for Processing of Personal Data

For each staff record that you hold in Site Manager, you should have a lawful basis for the processing that person's personal data. You can record one or more lawful bases for processing personal data either by updating each individual staff record, or by updating multiple records in one operation.

 

To update an individual record, go to Staff > Staff Maintain. Select a staff record and select the Info tab. Then select the General Data Protection Regulations (GDPR) tab, then the Lawfulness tab

 

 

GDPR_Lawful_Processing

 

 

To update multiple staff records, go to Staff > GDPR Compliance Manager. This process helps you with your GDPR Compliance by enabling you to select a number of staff records using a variety of GDPR and other fields, and then to perform updates to their GDPR fields or control what happens with their personal data. The aim is to make the process of multiple staff records quick and easy to do.

 

The first part of the process helps you select the staff records that you want to modify (Step 3). You can then chose to modify their records as follows:

 

1) Modify the Lawfulness of Processing fields

2) Control whether staff records are included in exports to the Mobile App and/or the Portal.

3) Chose either to fully or partially erase personal data associated with those staff records.

 

For example, you might select records for all people that left your employment more than 4 years ago and perhaps choose to partially purge some of their personally identifiable data, having determined that you no longer have a legitimate interest in keeping it, but whilst also recognising that you must continue to retain some of their personal data in order to comply with other legal obligations. Similarly, you could use it to identify requests for the right to restrict processing and if you agreed, you could prevent those staff records from being sent to the Mobile App and/or the Portal.

 

PLEASE NOTE:

 

1) Before you run the GDPR Compliance Manager, we advise you to back up your data first. This is in case personal data is inadvertently erased and once it's gone - it's gone!

 

2) Each Staff record must have at least one Lawfulness of Processing flag set in order to be included in the Staff Report, or exports to the Mobile App and the Portal.

 

 

Follow the instructions on the screens to select which staff records you want to change:

 

GDPR_Mgr_1

 

 

 

GDPR_Mgr_2

 

 

 

GDPR_Mgr_3

 

 

 

GDPR_Mgr_4

 

 

 

GDPR_Mgr_5

 

 

 

GDPR_Mgr_6

 

 

 

 

The Setups > Setups & Defaults > Defaults screen has been modified to include defaults for the Lawfulness of Processing flags for new staff records.

 

GDPR_Defaults

 

Managing Staff Requests on their Personal Data

 

If a member of staff elects to exercise their rights with regard to the processing of their personal data, you can record and update such requests via the Info > General Data Protection Regulations (GDPR) tab on the Staff Maintain screen

 

GDPR_Request

 

There are separate sub-screens to enable you to record individual requests for:

 

The Right of Access

Use the Staff Details Report / Output PDF to provide personal data.

 

The Right to Rectification

Use the Staff Details Report / Output PDF to provide personal data.

 

The Right to Erasure

Use the GDPR Compliance Manager to purge the staff record of personal data.

 

The Right to Restrict

Use the  'Exclude from Mobile' and 'Exclude from Portal' checkboxes on the Staff Name screen, if deemed appropriate.

The Mobile > Send Data to Mobile export has been modified not to include staff records that have no flag set for Lawfulness of Processing and to exclude records for staff that the 'Exclude from Mobile' checkbox selected, and that have not left.

The Mobile > Send Data to Portal export has been modified not to include staff records that have no flag set for Lawfulness of Processing and to exclude records for staff that the 'Exclude from Portal' checkbox selected, and that have not left.

 

Right to Data Portability

Use the Staff Details Report / Output PDF to provide personal data.

 

Right to Object

 

 

Deleting Personal Data When No Longer Required

When running the GDPR Compliance Manager process, you can elect to fully or partially purge personal data from staff records.

 

The Partial Purge option removes data from the following fields:

 

Home telephone

Work telephone

Mobile number

Email address

Bank name

Bank branch

Bank sort code

Bank account

Account type

Account name

Bank roll no

Available times

Has transport

Preferred area

PIN reference

Number of colleagues available

Image file path

Marital status

Age discrimination letter

Proposed retirement

Nationality code

Ethnic code

Passport number

Disability

Next review date

 

 

The Full Purge removes the rest of the staff data, sets the staff name to GDPR Removed and deletes the following data and files:

 

Staff notes

Links to Documents

Notes log

Starter info

Starter questions

Amendments log

Review details

Review signatures

Questions/leavers

Qualifications

P45

P46

SMP

SSP

Holiday log

Holiday accruals