The aim of GDPR is to improve the rights of the EU citizen in terms of data protection, privacy and the confidentiality of personal data. Prodiags has therefore updated the group level personal information settings for administrators.
The Regulation emphasizes the right of individuals to their personal data. The registers must be justified, transparent and consent must be given to the use of the data. An individual should also be able to delete their own information from the register.
Prodiags LMS is a SaaS service where the Registry is controlled by a group-based educational institution or company that manages group users and user roles.
For client organizations, Prodiags Oy acts as a system administrator, ie as a data processor.
Group Administrator’s To-Do List
Each administrator should go through this list and make the necessary changes as soon as possible.
Verification of the administrator’s own contact information
- If, for example, a system has a problem, which results in the risk of safe processing of personal data, it is the responsibility of the data processor (Prodiags Ltd.) to report it as soon as possible. The notification is sent to the role based contact information for the administrators.
- The administrator / administrators should keep the role email address and mobile phone number up to date. Users “Forget Me” requests are directed to this email address.
- Prodiags system changes are primarily communicated via our blog and Prodiags 5 – Automotive Master Teacher group. Critical, rapid response can also be made by e-mail, SMS or call.
- The registers should only contain the necessary personal data. Particularly important is that roles that enable the processing of personal data, such as a teacher or group administrator, are excluded if there is no justification for them.
Data processing agreement
- Pre-completed data processing contract can be printed from group settings
Linking the Privacy Statement
- The organisations Privacy Statement should be linked to the Prodiags via the group settings.
Settings for existing personal information fields
- It is possible to determine group-specific, whether the field is compulsory, voluntary or discontinued
Customised info text for personal information fields
- Descriptions of what personal information is used
- Setting the user deleting delay
- Does user authentication need administrator approval?
Data processing agreement – DPA
This is done in writing between Prodiags Ltd. and the organisation maintaining the group. If there are several Prodiags groups under the organisation’s management, the agreement is made for each group separately, because the personal data processing settings managed by the group administrator are group-specific. The pre-signed contract can be printed from the group settings administrator view (group administrators).
This agreement must be signed before Prodiags is introduced to the organisation.
If the administrator/owner wants to outsource parts of the registry maintenance tasks to Prodiags Ltd., such as new user formatting from an external file, it should also be included in the contract.
The language version of the agreement depends on the language of the user interface. If the contract is not available in the selected language, the contract will be printed in English.
A pre-fetched computing agreement can be found in group settings (A) when the administrator is logged on. Administrator: Print contract and submit two copies signed to Prodiags Ltd.
Prodiags Ltd. / Rudi Steiner
FI-01720 VANTAA, FINLAND
We return the original piece signed back to the sender, the second piece will remain on Prodiags. A copy of the signed contract can also be found in the group settings (B), here is easy to review the contractual situation.
This is an official statement to the user about what information is collected and how it is used.
Organisational privacy statements are usually compiled from all the registers used centrally in one place, such as web pages, etc. The organisation’s Privacy Statement should also be linked to the Prodiags group’s settings, from which it appears to users in the Personal Inquiry Authority. The group administrator maintains this link.
This address (highlighted in red) is a link to the privacy statement for the description and approval of the personal data coming from the front page and should be completed in full, starting at: http: // or https: //
Organisation’s Privacy Statement
We recommend to go through every organisation during the launch of Prodiags. This is a summary of all the registers available to your organization. The privacy statement should be reviewed regularly. In supervisory data protection services, the structure of the register is usually analysed by answering questions. Here are answers to typical questions:
Personal Database Settings
These settings allow the administrator to personalise personal information settings, whether they are mandatory, optional, or not. Note, the administrator can not change settings for all personal information fields because some of the basic information is required to show to the user.
The administrator can change descriptions of personal data fields: ADMIN-> GROUP SETTINGS -> EDIT USER PERSONAL DATA SETTINGS.
Customised info text for personal information fields
The descriptions of the personal information appear to the user upon logging in, the description of the personal data in the approval form.
In Prodiags 5, there is an option to add a separate info text to each of the personal data fields used, which can be used for a verbal description of where the information is used in the group. This does not really replace your data protection report based on GDPR, but it can complement the use of data collected by the data subject. At the same time, info also acts as a guide. The group administrator maintains these info texts.
For example, the user information has an info button that displays a description of the username. These descriptions may be changed by the administrator from personal data settings.
Special settings can be changed group-specific, whether the user can delete himself or whether he or she is required by the administrator’s approval (A).
Here you can also change the time delay, ie how long the roles / users will be kept after the end of the actual license (B).
The red button (C) below redefines the acceptance of the use of personal data, which is acceptable to the user when logging in to Prodiags for the first time. This query will be renewed whenever changes to the group settings affect personal data processing practices.
Additional information: Leave a comment or contact us.