This page is about the tools OpenRMA offers to help you comply with the GDPR. If you are looking for information on how we are GDPR compliant with YOU (our users), please visit this page: GDPR - OpenRMA and Your Business
This article describes several principles of the GDPR which may apply to your use of our services:
- Specific and Unbundled Consent
- Data Portability
- Right to Erasure (aka Right to be Forgotten)
- Breach Notification Policy
- Supporting Documentation
Specific and Unbundled Consent
Under the GDPR, you may only process personal data if you have a legal basis for doing so. Although there are a number of legal bases outlined in the GDPR, consent of the data subject is often the easiest to satisfy.
To obtain a data subject's consent to market to them, you cannot pre-select any "opt-in" consent field so that it defaults to "consent." If you want to store someone's information for general processing of their data, you should ask for that (or make sure you meet another legal basis for such processing). If you also want to use the personal data to market to them, you need to ask them separately (unbundled) to opt in to that use.
We have provided a few features to help you track user consent, as described in more detail below.
Initial Setup & Creating a Customer
First, head to Settings > GDPR Support and click “Enable GDPR Support” to enable it.
We have provided some sample text so you have an idea of what belongs in this message.
After you have enabled GDPR support and changed the Consent text as needed, you will notice two new fields on the “New Customer” screen.
If you don't check the first box, which says you have their consent to at least store their information for normal business processes, the form will not validate and you cannot continue.
If you don't check the second box, "Customer consents to electronic communication", then you won't be allowed to SMS or email the customer about their repair progress via our platform.
A “Consent” record is stored in the database permanently for your future reference. The consent record stores the date and time, the communication method note you provide (e.g., “verbally consented”), and a copy of the actual text they agreed to. To see a customer's consent history, open the customer from the Customers Management section, click the Actions button in the right corner, and then click the View customer log link.
Modifying a Consent
You can also modify a consent in the event that a customer contacts you and says they have changed their mind about a consent. To adjust a consent, head to the Customer Management screen, change the consent options, and click Save.
Data Portability
A data subject should be able to get a "portable" (machine-readable format) copy of the personal data you're storing about them whenever they desire.
You can email us at support@openrma.com and we will send you your data electronically in a file.
Breach Notification Policy
The GDPR requires that data controllers notify the supervisory authority of a personal data breach “without undue delay and, where feasible, not later than 72 hours after having become aware of it.”
We don't provide a tool for this, but if OpenRMA is breached, you can be sure we will report to you in accordance with the GDPR. We can't offer specific legal advice here, but you may want to have a policy ready that says how you will respond to a breach.
Supporting Documentation
If you store personal information in online systems you should maintain a list of them for others to see and understand where their data is. OpenRMA will publish a list of relevant hosts and services online here. You may refer your Customers to this or create your own pages.