The purpose of this article is to give you a comprehensive overview of the extensive smart GDPR Solution fully built into the Affino Unified Digital Business Platform. These screens give you a shortcut through a lot of integral complexity, which does still require a fair amount of setup - but with Affino’s detailed guides and live examples it is something that any Affino Client can easily and relatively quickly accomplish.
Affino’s GDPR is designed to fully safeguard the consumer as well as protect the digital property it inhabits. We firmly believe that Affino’s take on GDPR will become the gold standard for level and degree of implementation - and discerning customers will gravitate towards sites which give them the full Affino level of privacy protection. Affino is pretty singular in its fully comprehensive take on, and complete delivery of, the GDPR legislative framework. It could be seen as somewhat disrespectful to offer your customers anything less!
I’ve ordered the screens within a narrative arc that makes most sense to me from a customer contact perspective.
As per this site's example, all websites need to present a Cookie Consent Bar and a comprehensive set of GDPR links / resources to Clients, whichever way they encounter your site. We tend to use the terminology 'Legal' as the general subject / category that those resources sit in. For Affino.com they include the following, which we believe is a benchmark implementation:
Via a mobile-optimised tabbed modal dialog window, Affino presents the different cookie types and allows you to set sliders on whether you opt out of specific performance and tracking cookies.
Terms and Conditions are baked into several parts of Affino, but newbies are first likely to encounter them on the site Registration, where terms must be accepted in order to proceed. It is always essential to have a visible terms link (usually in the footer) on every page of your site.
You will most likely first encounter 'Permission' statements and consent modal dialogues when either signing up for Newsletters separately, or as part of registration. Each Mailing List will have its own separate permission statement / consent element in line with GDPR's explicit consent ruling.
Once registered, you can click through to your Account Preferences screen which gives you a clear interface and overview as to current Preferences selected - you can adjust and update these at any time.
These are the messaging Permissions you have consented to, also available via your Account Preferences screen. Each Permission statement has a date-stamp and [Revoke] button attached - and you can rescind your consent at any stage.
This is the first of the essential online forms - users can request they not be profiled any more - a simple setting which is applied on the User Security Screen, and which means no logged tracking and therefore no subsequent Personalisation.
Per GDPR regulations users / customers can request you provide them with all the data you hold on them - you have 30 days to comply - and can carry out this task very easily using the individual User Export function.
The final form covers the customer's prerogative to be 'removed' or 'deleted' from your system - actually the legislation requires you to have a log of this transaction, so even though you fully suspend and archive the User / Contact, you still need to maintain a basic reference / record for compliance purposes.
For Admin users - you can check on a customer's Permissions by accessing that Tab on the main Contacts Screen - for a full overview - with consent date stamps etc.
If/When a User/Customer requests you 'Send Me My Personal Data' you would then carry out an individual User Export and email said file to them - you have 30 days from request within which to action this.
The likely end of the road for this particular relationship - on the User Security screen you tick all the Suspension options and then hit the 'Archive' button up top. Per GDPR requirements, Affino is required to keep a record of this transaction - so the most basic record is retained to fulfil that regulation.
However comprehensive the Affino GDPR solution is - and we believe it to be one of, if not the most, comprehensive of its kind - the Data Protection Officer nevertheless has to do a lot of separate tasks in the area of 'Balancing Tests' and weighing up 'Explicit Consent', 'Consumer Rights' and 'Legitimate Interests' - and the last category still seems to be fairly loosely interpreted by many.
In fact there is still rather pandemic and widespread abuse of 'Legitimate Interest' reasoning, which is kind of beyond the control of the actual GDPR Solutions. We give you the full framework and tool-set to be wholly and absolutely fully compliant with the regulations - yet your interpretation of, or approach to, 'Legitimate Interest' could land you in trouble and might still make you liable for heavy fines - so in that area we advise you to consult an expert GDPR-centric law firm.
There's only so much we can enforce on a systemic level - 'You can bring a horse to water...' - but in this case you can't enforce the absolute degree to which users follow or interpret the rule book. Affino nevertheless provides the complete tool set for outright GDPR compliance, and we give you the best advice on how to apply it and fully demonstrate its execution by our own benchmark roll-out of the same.