Automatic anonymization
Eventsforce has a built-in role called GDPR Administrator. This role cannot be edited, but it can be added to a user's profile. Anyone with this role can implement your data retention and disposal policy in Eventsforce.
Automatic anonymization is scheduled to take place daily at 00:10 UTC. This cannot be changed based on your timezone.
Add the role to a user's profile
Go to System Settings > Security > Users
Click to 'edit' the user who requires the role
In the 'Roles' 'dropdown, locate and select "GDPR Administrator"
Click "Save"
Users with the GDPR Administrator role will have access to the security page, "Data Protection (GDPR)", and to a feature called "Personally identifiable information" on the database items page.
Personally Identifiable Information (PII)
Your data retention policy may include a list of answers to sensitive questions that you will want to delete, we call this data personally identifiable information (PII).
Eventsforce has marked some standard database items that have been deemed as sensitive, for instance:
firstname
lastname
email
username
A full list can be seen on the data protection page.
A user with the GDPR Administrator role can mark other questions as PII that your organization has deemed as sensitive. Once marked, Eventsforce will be able to identify which questions should be anonymized or deleted based on the date calculated by the values on the data protection page.
If no values have been entered in the fields on the data protection page, nothing will happen to your data whether it has been marked as PII or not.
If required, you can report on PII items using the filter and column in reporting using Database items as the data source.
Which records will be anonymized or deleted?
When you set your policy for automatic anonymization on the data protection page, by adding a value in "Anonymize and delete data after:", the deletion date for a person will be calculated from the "end date" of an event, as set on the event properties page, or the person "last updated on", date whichever is the latest.
The last updated date might correspond to:
The last day of any event that person is registered for, including cancelled people
The last day of any event a person is a registration contact for
The last day of any event a person has started or completed an abstract submission for (including inactive and incomplete submissions)
The last day of any event a person is an author or co-author of an abstract for
The last day of any event a person is a reviewer for
The last day of any event a person is an award submitter for
The last day of any event a person is an award judge for
The last day of any event a person is a presenter/session chair for
The last day of any event a person is a guest for
The last day of any event a person is a table guest for
The last day of any event a person is a room guest for
The last day of any event a person is an invitee for
The last day of any event a person is on an event-specific list for
The last day of any event that a person is connected to in any other way
The date that any person last replied to a survey
The “last modified” timestamp on the person record
The date for each specific record will be displayed on the 'Person Details' page, when you click on the person icon for a record, as:
Anonymization date: for people who have not yet been anonymized
Anonymized on: for people who have been anonymized (this will show the date of the first anonymization).
Hovering over the information icon will show how the anonymization date has been calculated.
The above will only show if values are entered in the fields on the data protection page.
Deletion of Invoices
You can decide if invoices should be deleted at the same time as all other data or if there is a requirement to retain this financial information for a different period of time.
The data protection page has a separate setting for invoices. The deletion will happen, based on the value in "Delete invoice personal data after:". It will calculate the date based on the event end date on the event properties page.
All invoice and credit note line items will still be available. However, invoice PDFs generated through the API will be deleted, but it will still be possible to view invoices in the Eventsforce admin portal.
Please note that if standard anonymization is set to occur before invoice anonymization, it's possible that personally identifiable Information will be retained on the invoices data source after the booker's record has been anonymized. This information is limited to the available fields in the invoices data source, not all PII items that the booker has answered in their registration.
Deletion of emails
Anonymizing an email involves deleting its contents, anonymizing the email headers, and unlinking the email from person history records.
The deletion date for emails will be calculated from the date they were sent, which may include emails for people that are not getting anonymized until a future date. Email content is either deleted after 12 months, or the number of months specified on the “Data Protection (GDPR)” page, whichever comes first. If the anonymization date is set to anything greater than 12 months, the content will be deleted after 12 months but the information in the header will remain until the scheduled anonymization date.
For example, if you have set up your data protection to ‘Anonymize and delete data after’ “6” months, all emails sent more than 6 months ago will be anonymized. If you have set up your data protection to ‘Anonymize and delete data after’ “24” months, email content will be deleted after 12 months.