GDPR Compliance in Ideas Portal

Under GDPR rules we need to be able to capture "Consent" for the holding of personally identifiable data. As we are able to hold Name and Email addresses, this constitutes PII. 

As part of the portal therefore we need:

1) the ability to add a consent statement when people register for the portal or add ideas

2) The ability to capture the fact they have given consent and the date

3) the ability to delete people who have registered for the portal 

4) the ability to provide a report of what information we hold about a person when we receive a subject access request.

  • Ben Bishop
  • Feb 12 2018
  • Already exists
  • Attach files
  • Admin
    Chris Waters commented
    February 15, 2018 22:38

    Here are the answers to your requests:

    1. Since registration for an idea portal is a explicit act it is not clear that any separate consent is necessary. The personal information entered into the portal (name and email address) will not be used by Aha! for any other purpose.
    2. The date of signup for the portal is captured.
    3. Idea portal users can be deleted by Aha! upon request.
    4. A report on information stored about a person can be provided by Aha! upon request.