Granting individuals access to data has become much more financially onerous since the GDPR regulations came into force.
It is not more difficult. The Ava advanced agency web system provides you with a simple two or three step process to ensure you are not granting access to someone’s profile in error. We have always done this. We engineer the system to be secure by default as demanded by GDPR: we have always treated access to personal data with the utmost repect.
Ensuring access to only those genuinely entitled falls under the imperative in the GDPR regulation: namely that you take all reasonable steps to protect all personal worker's aka employee’s data.
Step One invite an application from a known email address
First send an email to the employee or worker an email inviting them to register on your service and include the link to the “employees register” page. If you do not know what this is, simply go to you login page and click on the “employees register” button.
The link will be in the address bar of the new web page.
Once they have registered you will automatically get an email saying they have done so.
They will see a registration page similar to this one but with your service options:
Step 2 approve an application and perform an identity check
Log in as a Web Manager and then from the menu buttons (there will be three other button rows above the image below) go to the Approve user’s page.
You will see a list of the unprocessed applications.
Select the one you want to process.
At this point you will have the person’s contact number, email address, date of birth and employee number, they should reasonably match! You organisation data security policy may ask you to call or email the person and establish the request is genuinely from them. This is not mandatory from the system process, it is however good insurance and probably mandatory under the new GDPR law.
Having established that the person is from whom the application came, you can select the (top) option: Select a current back office profile and link…
If they are a new application, you can create them as either a new employee or new manager using the middle option.
The rule is: if they work i.e. are allocated shifts via the system then create them as an employee. If they are also a manger, you can give them managerial access (as well) using the configure users page.
Step 3 configure the new user with their appropriate rights to view and update the service
Finally if you are uncertain they are who they say they are... delete the application (using the third option) and possibly ask them to re-apply.