GDPR Agency Actions

  1. To make sure you have added your new terms, privacy policies, opt-ins and consent
  2. To be aware of new registration process
  3. Ensure you have added descriptions to the top of each page of the registration process
  4. To be aware of the new 'Terms & consent' section in the staffarea
  5. Allocating your staff communications to the correct category
  6. To be aware that incomplete profiles will be automatically deleted after 28 days
  7. Be aware of updated leaver process
  8. To use the new House Keeping section to clean up and remove staff
  9. To be aware of the new deletion process
  10. Notification of a login from an unknown device and location
  11. Revoking a user account from an unknown or lost device

To make sure you have added your new terms, privacy policies, opt-ins and consent

With the new GDPR rules we would recommend you have the following in place for staff to agree to and/or opt-in:

  • Terms and conditions
    • GDPR compliant
  • Privacy policy
    • This would be the most important to be GDPR compliant
    • Technical information regarding the system can be found here: Security and Data Protection
  • Opt-in to agree to the processing of staff data for the purpose of promotional work
    • Would just be an opt-in with no copy attached

Please ensure that when they are added/updated that the staff:

  • Must agree to these terms, consents, etc on next login
  • Must agree to proceed with the registration process
  • Cannot be paid unless they are opted-in/agreed

We would recommend emailing and SMS'ing all active staff to tell them to login to their staffarea to agree and/or opt-in to continue to remain active on your books.

To add/manage these to your system please use the main article in the user guide: Managing your terms, privacy statements, opt-ins and consent

To be aware of new registration process

The registration process has been updated to only take the information required to process them to make them active on your books and be able to place them onto their first shift. The new structure is as follows:

  • Login details
    • Their name, username, email, password
    • All terms, privacy statements, opt-ins and consent are placed here now as well
  • Contact details
    • Main contact details, emergery contact, address and where you are willing to work
  • Right to work
    • Passport, visa, NI number
  • About you
    • Nationality, Lanuages spoken, Bio, Driver license info
  • Experience
    • Experience, fields, sectors, skills - from lists, have they worked for you before, actual previous experience and additional info
  • Availablity
    • Other commitments and availability
  • Photos

The following pages are now only taken when you request them from the staff if you need them:

  • Training and qualifications
  • Sizes and attributes

Lastly, bank details now will be requested by the system automatically after they have completed their first shift. You still have the link from the dashboard to use to chase the staff 'Due pay, missing bank details'

 

 

 

Ensure you have added descriptions to the top of each page of the registration process

The registration process has been reduced but you need to also state very clearly why you are taking this information on each page of the registration process.

Please go to 'Settings > Staff registration > Registration form tab descriptions' and add your copy.

To be aware of the new 'Terms & consent' section in the staffarea

There is a new block on the staffarea dashboard called 'Terms, consent & opt-ins' detailing their opt-in/agreement statuses.

This block has a link to take them to the full list to amend if required. Example of how this looks:

With the main section they can easily opt-out/disagree as required. These such actions will trigger the require funtionality as specified when they were setup in setting in the main system.

Allocating your staff communications to the correct category

In order to make sure the system sends emails accordingly depending on the choices your staff made with opt-ins and consent we have added a category dropdown to the communication dialogue. This is in the top right:

The reason we added this is if you are sending a job alert/job invite email, not via the 'invite staff to job' method that is built in, the system cannot know what the purpose of your email is so you have to add the 'email type' manually here.

This also give you much better categorisation of all the email commucation sent from the system.

To be aware that incomplete profiles will be automatically deleted after 28 days

Incomplete profiles will not be deleted after 28 days.

A warning email will be sent to the person 7 days prior to deletion.

This email can be customised in 'Settings > Message options > Email copy > Auto tab > Incomplete profile deletion 7 day warning'

Be aware of updated leaver process

You can now use the Leaver status to intiate a P45 request. This can be achieved by:

  • You changing their status to Leaver within the system
  • Staff clicking on the link in the email using the [[leaver_link]] tag

What you decide to do with those staff is your own decision as it may depend on the history of that person, and what they want to do. You can:

  • Move them to archive so they remain on the books and the staff have access to the staffarea should they ever want to return for work
  • Delete them from the books. See the next article for the deletion process

To use the new House Keeping section to clean up and remove staff

The House Keeping section can be found in the Staff dropdown.

This page will allow you to filter for staff based upon:

  • When they registered
  • When they last logged in
  • When they were last booked onto a job
  • Then by the opt-in status on all your custom terms, privacy policies, consents and opt-ins
  • Then lastly by when the 'House keeping' email was sent last

Use this page to determine which staff you no longer need to keep on your books and that can be deleted. There is no set formula and is what you determine to feel most comfortable with. Ideally there should be minimal staff in your archive, as staff that have never worked and in your archive should be removed.

Use the checkboxes to select staff statuses and then use 'With selected > email' to use the 'House keeping' template to email staff to give all staff the option to:

  • Remain on your booked by logging into their staffarea to agree/opt-in to new terms, etc to remain
  • Be removed from your books by clicking the [[leaver_url]] tag, or simply by ignoring the email

We highly recommend using this page frequently to make sure you keep a nice and up to date pool of staff who have opted-in.

To be aware of the new deletion process

When you delete staff we will be using data pseudonymisation. This basically means that all the personal data from the profile will be deleted making it totally anonymous and leaving behind the following:

  • Staff id
  • Consent, opt-in log
    • In case it needs to be referenced in the future
  • Notes
  • Job history
  • Payroll history
    • If they have worked before
  • Status change history
  • Contact history

All of the above will have no reference to any personal information of the removed staff. When deleted a file will be downloaded to the desktop with the persons name and his staff id. This MUST be kept someone away from the database and to be used as required to pull up the above info about that person in the database.

Notification of a login from an unknown device and location

You will receive an email when your account is logged in from an unknown device and location. You will only receive this email once per device as this device will then be stored on your user account.

If the login is you, then you can ignore the email and you. If it is not you please see Revoking a user account from an unknown or lost device

Revoking a user account from an unknown or lost device

You can revoke access to a certain device that has been logged into via your user account.

This should be used if:

  • You lose a mobile, tablet or laptop device
  • You receive an email saying that you have logged into device at a location unknown to you

To do this go to 'Administrations' and there is an option to to a list of devices:

Then revoke the device/location as required: