Data protection (GDPR) configuration options
If your program handles personal data of any person located in the European Union, the EU General Data Protection Regulation (GDPR) requires your organisation to comply with the regulation, regardless of where in the world your organisation is located. You are well advised to familiarise yourself with the regulation; there are many helpful, plain-language guides online. The full text of the regulation is available on a neatly arranged website here.
Complying with GDPR may not be relevant for you. In any case, we still encourage best-practice protection of personal data wherever you are. There are likely to be other data protection laws that do apply to your organisation. This article highlights Good Grants features to help you comply.
Data protection preparation checklist
Review the configuration of the following features available in Good Grants to help you with data protection compliance. Summary of steps, with further detail below:
- Agreement to privacy policy, activation
- Consent to receive notifications and broadcasts, activation
- Subscription preferences, familiarisation
- Cookie notice and consent, activation
- Fields containing personal data, review and activation
- User permanent deletion, familiarisation
- Sign a Data Protection Addendum with Good Grants
Agreement to privacy policy
To obtain explicit agreement from users to our standard (GDPR compliant) privacy policy, cookie policy and terms of service, activate this feature as follows:
- From the Manage workspace, go to Settings > Users > Registration
- Tick the checkbox Display checkbox requiring agreement to terms
- You may also choose to Modify/reset default text, and/or linked policies; see more details regarding updating the Privacy Policy here
- Click Save
With this feature activated:
- New users will be required to tick a box when registering to confirm they agree to the terms
- Existing users, when they next log in, will be asked to agree to the terms, if they haven't already
- Users' agreement is recorded with the text they agreed to, timestamped, on their user record
Consent to receive notifications and broadcasts
To obtain explicit consent from users to receive notifications/broadcasts, activate this feature as follows:
- Go to Settings > Users > Registration
- Tick the checkbox Display checkbox for optional consent to receive notifications and broadcasts
- You may also choose to Modify/reset default text
- Click Save
With this feature activated:
- New users can optionally tick a box when registering, confirming their consent
- Existing users, when they next log in, can update their preferences from their user profile
- Users' consent is recorded with the text they agreed to, timestamped, on their user record
Related: Privacy Policy and Terms of Service
Subscription preferences
All broadcasts and notifications sent from Good Grants include a link in the email footer to Unsubscribe from our emails. Clicking this unsubscribe link will update the user's consent to receive notifications and broadcasts automatically. Any user can change their preferences at any time via their user profile page.
- Log in to your account, click on your name at top right
- Click Profile
- Go to the Preferences tab
Cookie notice and consent
To obtain explicit consent from users to the use of cookies, activate this feature as follows:
- In the Manage workspace, go to Settings > Users > Registration
- Tick the checkbox Request explicit consent to cookies from users
- Click Save
- You may also choose to modify the default consent text by going to Settings > Content > Content blocks in the Manage workspace and clicking on Cookie notice to edit
With this feature activated:
- Users who have not made a consent selection will be shown a "Cookies in use" message at the top of the page, with options to allow cookies
- Users' consent is recorded with the text they agreed to, timestamped, on their user record
- Users can change the cookie consent option at any time by going to the 'Preferences' tab on their profile
Related: What does the 'Cookies in use' banner mean?
Fields containing personal data
You should review all fields configured on your program for whether they are collecting and storing personal data. On field configuration there is a Data protection option that you can set to one of:
- Standard
- Elevated (personal data)
- Maximum (sensitive personal data)
There is more detail about data protection on fields here.
User permanent deletion
Under GDPR and other data protection laws, data subjects (your users) have the right to erasure, also known as the ‘right to be forgotten’. A user has the legal right to ask you for their personal data to be permanently deleted from your records, which you must act upon. Users are not able to permanently delete themselves, but you can permanently delete a user from your Good Grants program on their behalf.
Find more details about permanent deletion of users here.
Sign a Data Protection Addendum with Good Grants
To comply with GDPR, you will need to have a Data Protection Addendum in place with us. With respect to the handling of personal data in your account, under GDPR your organisation is the data controller and Good Grants is the data processor. Article 28 requires a contract that binds the processor (that’s Good Grants) to apply appropriate data protection measures when processing data on behalf of the controller (that’s you). Our GDPR-compliant Data Protection Addendum can be seen here.