1. Home
  2. /
  3. V12 Documentation
  4. /
  5. Standard Operating Procedures
  6. /
  7. Personal Information Management

Personal Information Management

The primary purpose of the Personal Information Management system in Iptor IP1 is to comply with The European Union General Data Protection Regulation (GDPR).  Under the new data protection requirements, the conditions of consent has been strengthened, so the consents in standard terms and conditions is no longer applicable. It includes certain rights of individuals such as the ‘right of erasure’, whereby a person has the right to request removal of personal information (PI).

Personal Information Management system in Iptor IP1 allows customers, contacts and creditors to consent to having their PI removed. PI constitutes any information related to a person that can be used to identify that person. IP1 identifies the following as PI.

  • Name
  • Specific address lines
  • Email address
  • Phone numbers
  • Bank details
  • Personal ID
  • Tax file number

The following data files in Iptor IP1 is covered for PI removal.

  • Debtor details and related sales and AR transactions
  • Contact details and related sales and AR transactions
  • Cash sales and AR transactions
  • Creditor details and related AP transactions and Royalty contracts
  • Miscellaneous AP transactions

The request for PI removal in IP1 can be created by one of the following methods.

  1.  Manually for debtors, creditors and contacts
  2. Automatically by end of day process for cash sales orders and miscellaneous AP invoices
  3. Indirectly via change in CRM contact attribute (for registered web users)

When a request for PI removal is created in IP1 system, the request can pend for approval. Due dates can be maintained for removal at a later date. The end of month process will check if there is any outstanding transactions for the entity as well as the due date before removing any PI. If the update fails due to an outstanding transaction, the request can either re-pend or wait for update on the next EOM process. The request to opt out can be cancelled at any stage of the process as long as the update has not occurred. Once PI has been removed for an entity, it can no longer be retrieved. The system allows timestamp tracking of each stage of the process.

View business rules

Business rules setup

The following business rules have to be setup to handle Personal information management. Business rules for Personal information management. must be setup with support from Iptor IP1 consultants. It is critical to understand the setting of control files and how it works. Control files must be setup correctly for the system to operate as intended. Any changes to the control files setup should be addressed cautiously and in consultation with Iptor IP1 consultants.

Note This document does not cover customised setup tasks of specific companies. Deviations from this setup should be covered by setup tasks written by individual companies.

 

Business rules  Setup
********/PI-ENTY  Personal info: Entity This is a system defined control file which holds all the entity types in IP1 that can be removed using the PI Management system.
******/PI-ACTN  Personal info: Action This system defined control file holds all the actions taken in the process to remove the PI. The PI tracking processor will capture these actions at each stage of the process.
********/PI-STS  Personal info: Status This system defined control file holds the status of the request to opt out.

  • C – PI has been removed.
  • I – the opt out request was reversed by the opt in action
  • P – pending for approval if setup in ********/PI-PEND
  • R – rejected from pending approval
  • W – awaiting update (after being approved from pending or on request to opt out)
********/PI-DATA  Personal info fields to be masked This control file holds all the fields that will be masked (removed) for the requested entity by the EOM update process. You can also nominate the masking character.

Note: It is recommended to replace EMAIL with blanks to prevent programs attempting email operation once PI removal has occurred.
********/PI-PEND  Personal info: Pend for approval Requests for PI removal can be set to pend for approval. This can be set by entity type in this control file. If a request has failed to update it can be set to pend again or remain at ‘W’ status for next update.
********/PI-CN  Personal info: Anonymous accounts PI held on Cash sale orders or Miscellaneous AP invoices can be setup to be automatically removed by the EOM process. This control file must be setup with cash sale/miscellaneous account and the  retention period for automatic removal.

Note: If the retention days is set to 0 then PI would never be removed.
********/PI-CN1  Contact linked customer to include for removal Specify the contact type for contacts linked debtors that can be included for PI removal. Any customers linked to contacts with these contact types can be included for removal by the EOM process provided it is not linked to any other contacts and the contact is not linked to any other customers, i.e. a 1-1 relationship between the contact and the linked customer.
********/PI-CN2  Contact linked creditor to include for removal Specify the contact type for contact linked creditors that can be included for PI removal. Any creditors linked to contacts with these contact types can be included for removal by the EOM process provided it is not linked to any other contacts and the contact is not linked to any other creditors, i.e. a 1-1 relationship between the contact and the linked creditor.
********/PI-CRM  Remove contact PI linked to Cust/Cred This control file is used by the customer & creditor PI removal process to determine if any linked contact PI should be removed as well. For PI removal the contact cannot be linked to any other accounts.
********/PI-CC Setup the classification (contact attribute) and the opt in/opt out selection with retention days for registered web users.
********/PI-CNX  Personal info: Accounts to exclude in mass update This control file is used by the mass update program. Any accounts that should not be included in the mass update must be specified here.
 Setup CRM contact attribute  To provide an option for web users to opt out or opt in, the following must be setup.

  1. Define ********/PI-CC to hold the opt out/opt in options
  2. Setup CRM contact attribute in conjunction with ********/PI-CC.
  3. Change CRM  template for e-commerce to include the above CRM attribute with the opt in/opt out selection.
View the process flow

Procedure

It is your responsibility to ensure that you understand this procedure before performing the following tasks.

Note Deviations from this procedure should be covered by procedures written by your company. Before performing any tasks please ensure all the business rules are set-up accordingly.

Personal information removal process

 Process Steps
Create opt out request
  1. For customer, creditor & contact entities
    1. Manually request to remove PI. See PI opt out.
  2. For cash sales orders and miscellaneous AP invoices – there is an automated process triggered by end of day process. This process will check for completed daily transactions for accounts listed in control file ********/PI-CN with retention days <> 0 and create PI removal request. If non-zero retention days is defined then it will delay the PI removal update by retention days. Note: This process will not create PI removal requests for any historical transactions. To create PI removal requests for historical transactions, see step b. below.
    1. Ensure all cash sale and miscellaneous AP accounts that wish to opt out is setup in control file ********/PI-CN with the retention period.
    2. Important: To remove PI from the historical transactions, the PI removal program must be run initially when an existing account is added to control file ********/PI-CN. The following programs can be run from the command line to cater for this.
      1. XAW322L – to opt out by account name
      2. XAW322M – to opt out by period range.
  3. Contact can also be opted out indirectly via CRM contact attribute. When the web user updates his/her account to opt in/opt out (via the CRM e-commerce template), the web interface program will update the contact attribute with the selected option. Each time the CRM contact attribute is changed the system will automatically create the opt in/opt out record.
Review pending requests To review, approve or reject the request follow the process outlined in PI pending review.
Enquire on a request To enquire on any request follow the process outlined in PI inquiry.
Update The update (removal of PI) is automatically run by the end of month process. The following conditions must be satisfied before the update can be completed.

  • The status is ‘W’ waiting for update.
  • Due date has been reached.
  • There are no outstanding transactions for the entity.

On successful update the following will occur.

  • Specified PI for the respective entity and its related transactions will be removed.
  • Tracking history will be updated.
  • Status will change to ‘C’ for update completed.
  • For PI removal for a contact with a linked customer (with a 1-1 relationship), linked customer PI would also be removed if the contact type is in the list of contact types defined in control ********/PI-CN1.
  • For PI removal for a contact with a linked creditor (with a 1-1 relationship), linked creditor PI would also be removed if the contact type is in the list of contact types defined in control ********/PI-CN2.
  • For a customer & creditor PI removal any linked contact PI would also be removed if its configured to do so in control file ********/PI-CRM and the contact PI is not linked to other accounts.

When an update has failed due to outstanding transaction the following will occur.

  • Tracking history will be updated to ‘E’=error time stamp
  • Status will remain at ‘W’ unless control file ********/PI-PEND is setup to re-pend on fail.

Mass removal of personal data for a test environment

 Process Steps
Mass PI removal (XAO330)
CAUTION This program must be run with caution. It is specifically written for a test environment. It  will remove all the specified PI for customer, creditor and contact entities unless the entities are marked for exclusion in control file ********/PI-CNX. Tracking history is not maintained for mass update.  Please note once PI is removed, it can no longer be retrieved.
  1. You can only run this program (XAO330) manually from the command line.
Print Friendly, PDF & Email