Implementation of the Data Privacy Module
Overview
This Help article outlines guidance for implementing the standard Data Privacy module.
Whilst the content below has been prepared to help Invenias customers learn about GDPR, preparing Policies and Documentation required for GDPR Compliance, the features in Invenias have been made configurable so this module can be used to manage your processes whichever jurisdiction you fall under. This guidance material should not be taken as a substitute for legal advice, but we hope they will provide a useful point of reference.
This article outlines the steps to implementing the standard Data Privacy Module. This module is complemented by the Premium Data Privacy Extension which is made available to our customers through the Executive Subscription. Please contact your Invenias account manager if you would like to discuss upgrading. The Steps to implementing the Data Privacy Module are:
- Prepare for GDPR
- Create and Document your GDPR Compliance Policies
- Review the Technical Essentials
- Assemble all your documentation and your email templates
- Enable the Data Privacy module in Systems Preferences & configure settings
- Train your staff in your policies
- Train your staff in the use of the Invenias Data Privacy Module
- Optional - Configure the Premium Data Privacy Extension
Prepare for GDPR
Assemble, inform and educate your internal project team on GDPR, using industry-specific guidance materials & webinars provided by Invenias. Click here to view the full article on Step 1.
Please note we can not give legal or process advice in relation to GDPR, but we are here to help you through the configuration of our module once you've agreed what your policies should be. As you progress through the steps please feel free to contact inveniassupport@bullhorn.com or your Invenias Account Manager with any questions. Please also contact your Invenias Account Manager if you would like to purchase the GDPR Premium feature.
Create and Document your GDPR Compliance Policies
Define your policies and processes, in conjunction with your legal counsel. Create appropriate Policy Documentation. e.g. Privacy Policy, Purpose Statement*.
Review the Technical Essentials
One of the fundamental tenets of the GDPR is that a company must ensure that it has adequate Technical and Organisational measures to protect Personal Data that it holds. Whilst we strive to ensure that the Invenias system provides the highest level of data security, protection and backup, any structure is only as strong as its weakest link. You will therefore need to make sure that your professional users uphold the same degree of attention to basic data security actions that you can expect from Invenias. Click here to read an article that provides some guidance on managing your technical environment to overcome the primary challenges to data security.
Assemble all your documentation and your email templates
The GDPR requires a company to demonstrate they have understood and taken proactive steps towards GDPR Compliance. Click here to review an article that will assist Invenias customers with this requirement. We have provided a sample list of policy Documents which you may be required to complete to support compliance with the GDPR. At the bottom of that article, we have also included a number of Template Documents which can be downloaded and amended to assist with fulfilling this requirement.
Enable the GDPR module in Systems Preferences and setup User Permissions
Click here to review a comprehensive article that covers the process of configuring Invenias with your choice of settings and content for the Data Privacy module.
Train Staff in your Processes
A fundamental principle of GDPR is "privacy by design". This means having thought about and shown your workings for each stage of your processes where personal data is being captured. We would, therefore, recommend training your staff in the affected processes, explaining the reasons that you've made the decisions you have and documenting your training schedules so that you are able to demonstrate that all of your staff have been trained.
Train Staff on the Invenias Data Privacy Module
You'll likely have reviewed this Invenias GDPR Module article earlier in the process which explains how the core features work. Click here to review a User guide that walks you through using the key features of the module including:
- Inform
- Consent
- We've written this dedicated article on responding to Right to be Deleted
- We've written this dedicated article on responding to Data Subject Access Requests
Optional Premium Data Privacy Extension
The Invenias Premium feature allows you to generate branded customisable emails in bulk to people in your database either informing them that their data is being held, or giving them the ability to approve or deny Consent with one click which is immediately synced back to the person’s record, date stamped and tracked for easy management. Click here to access the article that explains this Premium product and also demonstrates how it is configured.