Description of the GDPR features in GO+
GO+ supports the General Data Protection Regulation (GDPR) for data privacy. Below are the main items described that affects the portal administrators and the end users.
Overview
There are configurations available for the Portal Administrator to set consent texts to show, to export user data on request, and to remove users and their data.
End users will be asked to give their consent the first time they log in. They can also withdraw consent at a later stage. If a user withdraws consent a notification is sent to an email specified in the portal for example to one of the portal administrators or another relevant inbox.
If you handle consent internally within the company on a global level and do not want to ask users to give consent in the GO+ Portal the GDPR consent dialog logic can be hidden. GDPR settings and contact persons need to be set, enabled, and configured by TicTac to make it available.
NOTE: TicTac does not provide any default GDPR end-user content texts for them to approve since we are only the data processor (personuppgiftsbiträde). It is up to the customer who is the controller (personuppgiftsansvarig) to define the consent text and to decide if consent is given in some other way outside the portal and is needed to be shown or not.
User settings
End users will be asked to give their consent the first time they log in. By clicking I approve they will give consent if not they will be asked the same question the next time they try to log in.
The consent text is also presented if users use SSO or via self-registration links, if GDPR consent dialogs are enabled.
End users can withdraw consent under their profile. Open My Profile and click edit profile. There is a button “Revoke Consent”.
Admin settings
Portal administrators need to set consent texts. They can also export user data on request and remove users and their data if requested.
To set consent texts. Log in as super administrator, go to settings and edit consent texts. NOTE: There will be one consent text per portal language.
To export the data stored about a user in case it is requested, find the user, and under user details click download user details. A file in JSON form will be downloaded. It is a text format with a structure that could also be used if migrating data.
To remove a user, find the user, select edit user and click delete user, this will remove the user account and all data stored about the user in the portal.
If a user withdraws consent a notification is sent to an email specified in the portal for example to one of the portal administrators. The email will be titled “Notification: User Withdrawn Consent” with content like this: “User [name] with id: [userid] email: [email] has withdrawn the given consent according to GDPR. The account is marked as revoked consent in the GO+ Portal [https:/portallink]. This email is a notification to the system administrator to take action for managing the user in the GO+ Portal that has revoked the consent and clean up any data regarding the user if need according to the policies.”
Compliance
Go+ can help you automate some of the key GDPR requirements, such as user inactivation and deletion.
If you want to automatically deactivate users who have not logged in for a certain period, we can help you set up this feature. Simply choose the interval, and GO+ will automatically disable their accounts based on their last login date. And if you have an SSO integration, their accounts will be reactivated when they attempt to log in again.
A deactivated (or inactive) user still has an account with their results and progress intact, but they cannot log in to the platform.
Should you choose to automatically delete users who have been inactive for a certain period of time, we can help you with that too. Let us know the interval after inactive users should be deleted, and we will activate the feature to delete users for you.
A deleted user's account and data, including their results and complete history, are permanently removed from the platform and our databases. Please note that this action is irreversible.
Contact our support team to learn more about how GO+ can help you with GDPR compliance.