Foreword
This document is a guide to responding to Data Subject Requests (DSRs) made under the General Data Protection Regulation (GDPR) where the data is held in your Certain database. It covers the rights granted to individuals under the GDPR:
- The right of access to personal information.
- The right to be forgotten.
- The right to rectification.
With Certain’s standard reporting tools, you can quickly find and export the information held about any registrant or user, and email it to the requester. See “View” Requests below. The GDPR requires that an individual be able to obtain a copy of their data in a standard format.
---
Introduction
There are three types of requests you may receive from individuals who may have Personally-Identifying Information (PII) on file:
- Requests to View their information.
- Requests to Edit their information.
- Requests to Forget Me; that is, to Delete their information.
The individuals involved may be any of the following types:
- Registrants.
- Speakers.
- CertainAPP users.
The steps are similar for each request type and individual type but are listed separately below. The steps for Registrants and Speakers are identical. All steps start with logging in to the Certain App, and navigating to the relevant account(s), as described next.
---
Logging In to Certain
1. Log in to Certain with your usual credentials. Your user type must be at least “Registration and Support.” The higher levels include “Event Planner” and “Administrator.”
2. Note: To use the Profile Anonymization feature described on page 10, you must be an Administrator.
3. You are automatically logged in to your account.
To change accounts, click the account selector icon below the account name in the upper left corner, and select a sub-account.
---
Registrants’ and Speakers’ Information
“View” Requests
To View a Registrant’s or Speaker’s Information
1. Open the registrant’s or speaker’s profile record.
2. Click the icon on the global navigation toolbar in the upper right corner.
3. Choose Profiles.
4. Open the registrant’s or speaker’s profile using their Email address.
5. A list of matching records is displayed. If the account uses unique email addresses, only one record is displayed.
6. Click the record to view the details.
To Export a Registrant’s Information
A) Create a Profile Report
1. Create an account-level Profile Report, and include columns of interest. These are what you’ll see in the list of reports when you go to find and run the report in the future.
2. Open the top-left menu and select Profiles.
3. In Profiles, select Reports.
4. In Profile Reports, click Create Report.
5. On the Report Setup page, give the report a name and, optionally, a description.
6. Under Visibility, select All Accounts (to make the report available in the current account and any sub-accounts below it).
7. Under Report Type, choose either Profiles (default) or Profiles and Registrations.
- A Profiles report includes name, address, and other PII.
- A Profiles and Registrations report also includes registration history across events.
- Note that you cannot change the report type after creation.
8. Save the report.
9. In the left navigation panel, select Display.
- Choose a Report Format (for example, Export to .CSV).
- Choose a Data Format (for example, Output data as stored).
- Save the report again.
10. In the left navigation panel, click Columns to select the data to include in the report.
- Move appropriate fields from Available Data Fields to Selected Data Fields.
- Save the report again.
B) Run the Report for a Registrant
1. Select Filters in the left navigation panel.
2. At the end of the page, filter on the registrant’s or speaker’s email address.
3. Click Run Report to create the export file.
4. Download the report to share with the requester.
To Email a Registrant or Speaker Their Information A) Create an Email Template 1. In an event, go to Promote > Communication > Email Templates > Registration. 2. Click Add New to add a new email template. 3. Give the email a self-explanatory name. 4. Select the option to make the report Visible to All events in account. 5. Add all relevant Standard Profile Fields and Custom profile fields to the body of the email. 6. Do not include any event-level information. 7. Save the template.
B) Send the Email to the Profile 1. Open the registrant’s profile record, as described under “View” Request above. 2. Click Email in the left navigation panel. 3. Select the email template, and click Select. 4. At the bottom of the page, click Preview. If satisfied, click Send Email NOW. 5. The sending of the email will be included in the profile’s History, which you reach via the left navigation panel.
“Edit” Requests
1. Open the registrant’s or speaker’s profile record, as described under “View” Request above.
2. Confirm the correct record is displayed.
3. Click the Contact Details header bar, or Contact in the left navigation panel.
4. Edit relevant information, and Save.
5. Click Questions in the left navigation panel.
6. Edit relevant answers to profile custom questions, and Save.
7. The edits will be included in the profile’s History log, as described above for emails. (Page 9.)
“Delete” (forget me) Requests
Best Practice: Anonymize Profiles. You can anonymize Profiles in an account, removing personally identifiable information, so that the individual remains anonymous. Note: An Administrator should follow this procedure; it’s not available to Event Builders or other users.
In summary, identify the profile fields that hold PII, and configure replacement text. You can then select profiles, and anonymize them by clicking one button.
Detailed Steps 1. Go to User and Account Settings > Account Settings > Implementation > Privacy Compliance > Profile Anonymization. 2. Under Anonymize Profile Fields, select the Standard and Custom Profile fields for this Account that you want to anonymize when you select individual profiles in step 6. Include all fields that could be deemed PII. Note that many standard profile fields, such as name fields and email, are preselected and will always be anonymized. 3. The default anonymization string that will replace the values in the selected profile fields of an anonymized profile is "". You can change that to any text of your choice. 4. If you select Make Profile Inactive, then anonymized profiles will also be set to inactive, meaning they will be excluded from reports and searches. 5. Save your selections so that you can use them when anonymizing profiles, as explained next. 6. Under Profile Anonymization, for the Profile(s) to anonymize, type at least 3 characters of their Email or Phone, or type the complete Encoded Profile ID beginning with "0x". 7. View the list of matching records, and click to view a profile’s details to confirm you have the right record. 8. Select the check box(es) for the profile(s) you want to anonymize. 9. Click Anonymize to update the selected profile(s). The values of the fields selected in step 5 above are set to the Anonymization String, and if Make Profile Inactive was selected in step 4 then the anonymized records will no longer be returned in searches or reports. 10. Under Anonymized Profiles Audit Report you see a list of the anonymized profiles in the account.
You can search for one by PkprofileId or Username; as in the screenshot.
---
Users’ Information
A “user” is anyone who is set up in CertainAPP with a user record. To view another user’s details, edit or delete a user record, you must be logged in to Certain yourself as an Administrator. That is, your own user account must have a User Type of “Administrator”.
---
“View” Requests
For a User to View Their Own Information
1. Go to User Information and Account Settings > User Information.
2. The “My User Information” page opens.
3. View or edit the information as required.
For an Administrator to View Another User’s Information 1. As an Administrator, go to Account Settings > Administration > Users. 2. To search for the user, enter their email address in the ID field and click Search. 3. Click the user’s row in the results. That opens a page showing their details. 4. The only PII data is likely to be their name, email address (twice: as both Login Id and Email), and phone number. (See the screenshots.)
“Edit” Requests
For a User to Edit Their Own Information
1. They should open their user record as described under “For a User to View Their Own Information,” above.
2. Edit fields as required, and Save.
For an Administrator to Edit Another User’s Information 1. Open the user’s record as described above under “For an Administrator to View Another User’s Information.” 2. Edit fields as required, and Save.
“Delete” (forget me) Requests
1. As an Administrator, open the user’s record as described above under “For an Administrator to View Another User’s Information.”
2. Clear the Active check box.
3. Clear out the Phone number, or replace it with anonymization text, such as “” or “anon”.
4. The other PII fields, Name and Email, are required fields, so instead of clearing them out, enter appropriate anonymization text.
5. Note: the Email field must be in a valid email address format, such as anon@certain.com.
6. Save the changes. The user will no longer be able to log in to Certain.
---
Was this article helpful? 0 out of 0 found this helpful
Have more questions? Submit a request
Return to top
Comments 0 comments Please sign in to leave a comment.
---
[MARKDOWN]