Data Processing

Legal disclaimer

The information in this article is for general guidance to the Data Processing app only. The application and impact of GDPR can vary wildly on a case-to-case basis. As such, this document is NOT a substitute for consulting with professional legal advisers. Consult a legal professional before taking any action.

The Data Processing app allows you to create activities and collect consents, in order to comply with the General Data Protection Regulation (GDPR) which was adopted in April 2016 and became enforcable on May 25th 2018.

With the Data Processing app you can:

  • Create Activities – e.g. Newsletter Consent
  • View Consents collected from the Extranet app and the Forms for Editors app

An activity is a convenient way for you to create clear, concise and granular positive opt-ins – for instance:

  • Consent to receive email newsletters,
  • Consent to using previous orders to show relevant products
  • Consent to use age, gender & nationality to show personalized content

A consent is a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Or in other words; the user must be informed about precisely which data you want to use, why you are collecting it, and what you want to use it for, and must actively elect to give consent to that activity – a consent cannot be collected using e.g. pre-ticked boxes or other methods for default consent. Consents are collected from e.g. the Forms for Editors app.

For more information on GDPR in Dynamicweb, please visit this page.

Do I have to use this app for consents?

No, consents don’t have to be stored via the data processing app to be valid – if you obtain consent from other sources – e.g. a phonecall - you can simply create a set of relevant custom user fields and store the information in there. The Data Processing app is simply a convenient location to store consents obtained via our apps.

If you store email-consents in custom fields, you will have to use the uncheck these custom fields section on the Dynamicweb users recipient provider to remove consents on unsubscribe, and also create a user query or a smart search which removes users who have not given consent from the list of recipients.

An activity is a convenient way of creating clear, concise and granular opt-in categories – e.g. Consent to receive email newsletters. Activities will always be specific to your business and data flow.

To create an activity:

  • Go to Apps > Data Processing
  • Click the Activities node and click Add in the toolbar (Figure 2.1)
  • Add a Name and a Description
  • Save and Close
Figure 2.1 Creating a data processing activity

Once an activity has been created, you can click it and edit or view the activity details (Figure 2.2).

You can see:

  • The activity ID
  • The Name and Description
  • When the activity was created & updated
  • A list of consents received for this activity with the most essential consent information
Figure 2.2 Viewing or ediing an activity

On editing activities

Please note, that a user gives consent to a particular activity as it is worded at the time of consent. If you edit the name or the description of an activity afterwards, their consents are no longer valid.

So unless you are correcting a simple spelling mistake, we advise you to start over and create a new consent every time.

Once you have one or more activities defined, you can start collecting consents  - more on that later.

For each consent, the following must be registered:

  • Who gave consent
  • What they consented to
  • How they consented (e.g. via website form, on phone, via email, etc.)
  • When they consented or withdrew consent

Consequently, for each consent we register the following:

Field

Values

Comment

Activity ID

The ID of an activity in the Data Processing app

 

Subject ID

AccessUser ID/email/checksum

For logged in users, this is their AccessUser ID. For anonymous users it is either an email (if we know it, from e.g. a form) or a checksum if we don’t.

Subject Type

User/Email/Visitor

Logged in users have ’User’, anonymous users where we know the email have ’Email’, and a truly anonymous users have ’Visitor’

Status

Given/Withdrawn

 

Request user host address

An IP address

 

Request user agent

User agent details

 

Created date

Date & Time

 

Updated date

Date & Time

 

Checksum

Checksum value

 

Consents can be browsed from the Consents view (Figure 3.1) inside the Data Processing app. You can also view consents for a specific activity by opening that activity, as described above.

Figure 3.1 A list of consents

Consents can be collected from the following places:

In short, each app instance can be associated with a consent activity – and when the user is edited/created or submits a form, the consent is then saved to the consent lists described above.

At present, the Consents which are stored and managed using the Data Processing app are only used in Email Marketing.

To automatically check for consents when sending emails using the Email Marketing tool:

  • Create an email
  • Switch to the Advanced tab
  • Click the Recipient Provider button
  • Select the Dynamicweb Users recipient provider
  • In the Recipients section, select the appropriate consent activity (Figure 5.1)
Figure 5.1 Using consents in Email Marketing

Once this option has been selected, the list of recipients will be automatically filtered to check for consent instead of the Email Permission checkbox of old.