Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Panel | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Scroll export button scope current template-id c9a14909-8f27-452d-bca0-164bee1a9265 caption Download this Page add-on Scroll PDF Exporter
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA) to give users more control over their personal data.
SummitAI Application is Now GDPR-Compliant
The SummitAI application complies to GDPR rules. Under GDPR regulations, the users need to provide their consent to allow other users to view their personal data. After the user acceptance, the personal data will be stored in the SummitAI application in an encrypted form. The following fields are considered as personal data, encrypted, and stored: Joining Date, E-mail ID, Login ID, Country, Address, Contact Number, Mobile Number, State, City, Pin, and Role. If any of these fields are blank, data for the blank fields will not be encrypted and stored.
Note | ||
---|---|---|
| ||
|
GDPR Configuration
A new GDPR CONFIGURATION page (Admin > Advanced > GDPR > GDPR Configuration) is added in the SummitAI web application. On the GDPR CONFIGURATION page, the following sections and tabs are added:
GDPR STATUS INFORMATION section
There will be an Application downtime on disabling GDPR. The downtime depends upon the amount of user data in the Application.
LOCATION MAPPING tab
Under the LOCATION MAPPING tab, the Administrators can enable GDPR only for a selected location by specifying the Domain and Location. Location is dependent on the selection of Domain.
The following scenarios describe the Location mapping:
- If GDPR is enabled and Location is mapped, then GDPR is enabled for the users of the mapped Location. If the user is not mapped to any location, then GDPR is not applicable.
- If no Location is mapped and GDPR is enabled, then GDPR is enabled for all the users of the Application.
- If GDPR is enabled and only one Location is mapped, and then that Location is made inactive, then GDPR is not applicable for users from any Location.
ADMIN MAPPING tab
Under the ADMIN MAPPING tab, the Administrators can be added. The Added Administrators will be notified upon accepting or declining GDPR.
Note | ||
---|---|---|
| ||
After GDPR is enabled, it it required to configure at least one user as an Administrator under the ADMIN MAPPING tab. |
MESSAGES tab
Under the MESSAGES tab, the Administrators can select any pop-up message (GDPR Acceptance, GDPR Re-acceptance, Enabling/Disabling GDPR) related to GDPR and edit the Title and content of the selected Message.
Note | ||
---|---|---|
| ||
While editing the message displayed on the GDPR Re-acceptance pop-up window, if you remove the ##DeclinedOn## keyword, the last date and time when GDPR was declined, is not displayed. |
Figure: GDPR CONFIGURATION Page
For more information about configuring GDPR, see Configuring GDPR.
Anchor | ||||
---|---|---|---|---|
|
To enable GDPR, please contact the SummitAI Support Team.
GDPR End User Flow
Image Added
Figure: GDPR End User Flow
Following are the steps to accept or decline the GDPR CONSENT FORM:
- After user Sign-in in web application, if GDPR is enabled, you are redirected to the GDPR CONSENT FORM. Accepting this consent by clicking the ACCEPT button is considered that you are agreeing to display your personal data to the Analysts and Administrators of the SummitAI application.
Image Added
Figure: GDPR CONSENT FORM - The following pop-up window with a confirmation message is displayed, when you click ACCEPT button. Image Added
Figure: GDPR CONSENT FORM - ACCEPT pop-up window - If you click OK on the GDPR Consent Form - ACCEPT pop-up window, you are redirected to the home page of the SummitAI application. Below mail will be sent to user. If you click Cancel, the control remains in the GDPR CONSENT FORM screen.
Image Added - If you click DECLINE on the GDPR CONSENT FORM, your personal data will be wiped out from the SummitAI database records. The following pop-up window with a confirmation message is displayed, when you click DECLINE.
Image Added
Figure: GDPR Consent Form - DECLINE pop-up window - If you click OK, on the GDPR Consent Form - DECLINE pop-window, you will not be able to use the SummitAI application anymore. The next time you try to use the Application, you will receive the GDPR Consent Form pop-up again. Click ACCEPT to allow displaying of your personal data and continue to use the Application. Below mail will be sent to user and administrator.
Image Added - If the user tries to log in to the SummitAI application after declining the GDPR CONSENT FORM, the pop-up window given below is displayed.
Image Added
Figure: GDPR Consent Form Declined - Accept Now? If you click OK on the GDPR Consent Form Declined - Accept Now? pop-up window, you will be redirected to the GDPR CONSENT FORM. If you click Cancel, you will be logged out of the SummitAI application. The below mail will be sent to user.Image Added
Impact of Enabling GDPR
Impact to Users
If GDPR is enabled, the users will receive a GDPR Consent Form to accept or decline to display their personal data in the Application. If they accept, the user personal data is encrypted and stored in the SummitAI database, and the users can continue to use the Application. If the users decline to display their personal data, their personal data is wiped out from the Application and they can no longer use the Application. They can try to access the Application again, however, they must accept the GDPR Consent Form to use the Application.
Note | ||
---|---|---|
| ||
When the user clicks DECLINE, apart from the configured details, all other user information is cleared from the SummitAI Database using the following key: <Enter key here>"GDPR_RetainColumns". By using the above key the required column inputs can be retained. Example: Based on your column configuration, the inputs can be provided in the web.config file to retain the information, such as frm_UID, NT_UID, e-mail ID etc. To configure, please contact the SummitAI Implementation Team. When the user tries to log into the SummitAI application after declining the GDPR CONSENT FORM, a message informing that the user had previously declined the GDPR CONSENT FORM is displayed on a pop-up window. If the user clicks Yes, the user gets the GDPR CONSENT FORM. If the user clicks No, the user is logged out of the SummitAI application. When the user accepts the GDPR CONSENT FORM after declining it, the user’s personal data is either updated (encrypted and stored) by the Administrator, or the user’s personal data is synched up and displayed in the next Application refresh cycle. |
Impact to Application
By enabling GDPR, the Application takes formal consent from the users about displaying their personal data to the Analysts and Administrators of the Application (or users having access to reports). The personal data is encrypted and stored in the SummitAI database.
Note | ||
---|---|---|
| ||
There will be an Application downtime on enabling GDPR. The downtime depends upon the amount of user data in the Application. The users will experience slower Application performance on pages, having user information, after GDPR is enabled. |
Mobile Application
If the user logs in from Mobile Application, and the user hasn’t accepted the GDPR Policy in Web, then the below message is reflected on the mobile app:
"Please click Accept in the GDPR Consent Form in the SUMMIT web application to continue to use the SUMMIT Mobile app."
Anchor | ||||
---|---|---|---|---|
|
To disable GDPR, please contact the SummitAI Support Team.
Impact of Disabling GDPR
Impact to Users
If GDPR is disabled, the users will not receive any consent form to accept or decline to display their personal data in the Application.
Impact to Application
The user personal data will still be stored in the Application, but will not be encrypted.
Note | ||
---|---|---|
| ||
There will be an Application downtime on disabling GDPR. The downtime depends upon the amount of user data in the Application. |
Known Limitations:
After GDPR is enabled, the personal data is stored in the following way:
- If GDPR is enabled, the columns that are encrypted (Example: Email ID, Address, etc.) and replicated to DN reporting tables will not contain the actual data. In place of the data the following string will be shown *****.
- Any personal data and any report that is using the DN tables will not show the actual data. Instead, the following string is shown *****.
- The existing data in the columns that store the personal data will be retained when there is a switch in the status of GDPR. For example, if GDPR is enabled, old records will still have e-mail id in the DN tables in plain text. But, the new records will be stored with the following string *****.
GDPR Status Report
A new GDPR STATUS REPORT page (Reports > Click Select Module drop-down list> Select module as Admin > Select GDPR Status Report from the REPORTS drop-down list) is added. The GDPR Status Report gives detailed information about which users have Accepted GDPR, which users have declined GDPR, which users have accepted GDPR after declining it, and which users have taken no action. On the FILTERS pop-up of the GDPR STATUS REPORT page, the following new fields are added:
- GDPR Status
- Domain
- Location
- User Name
Users can select the status type, for which they want to view the GDPR Status Report, from the GDPR Status drop-down list. The users can also select the Domain and Location for which they want to the view the GDPR Status Report. The users can view the GDPR Status Report for a particular user by searching the user’s User Name/E-mail ID in the User Name field.
Figure: GDPR STATUS REPORT
Scroll ignore | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||
|