Yesplan and the GDPR

How do you deal with the General Data Protection Regulation (GDPR) in Yesplan? We provide some tips below.

How can you verify in Yesplan that there is a legal basis for storing personal data of people?

The GDPR stipulates that the contact details of persons may only be stored (or processed) if there are legal grounds to do so. In most cases there will be legal grounds that allow you to store the details of a contact person in Yesplan. For example, a rental agreement with the customer will often be a sufficiently necessary reason to keep his/her contact details. If you use a custom data field of the type ‘contact’ on an event to enter the details of the customer, you can record which events each contact is registered against in your database. You can do this by looking at the 'bookings' tab of the contact's inspector. In this way you can demonstrate the legal basis for keeping track of the personal data for each contact. 

If you keep personal data for which the person's formal approval is required, you can also manage this in Yesplan by creating a custom data field on the contact in which you indicate that the contact person has given permission to store his/her data. The custom data field – a tick box - can be checked if permission has been granted and, if desired, additional fields can be created that contain information about the way permission was granted (for example through a web form). Via the Yesplan query language, you can request an overview of all contacts with the aforementioned field ticked as well as any other data fields you have configured. 

Who has access to the contact details in Yesplan? 

You can configure Yesplan permissions to determine who in the organization has access to certain contact information. If Yesplan users are not explicitly given reading permissions for contacts, these users will not have access to the personal data (this is called 'security by default'). However, it is possible that Yesplan permissions have been granted to various functions and / or persons so that they can at least read personal data in Yesplan. 

That is why you should check the Yesplan permissions in the context of the new regulations. In the permission templates you can check which functions and/or persons have access to contacts. In addition, you can check the permissions on a specific contact through the 'Permissions' tab of the contact's inbox. 

How can you remove contact details efficiently? 

Your contacts have the right to ask you to delete them from your Yesplan database. 

Moreover, you will have to check regularly whether you still have the permission to store a person’s details and you will have remove the contact if you lack the permission. If you no longer have the legal grounds to keep the contact details, you can solve this in Yesplan by deleting the contact. 

However, this person can already be booked on a number of events. This information must also be deleted. The contact bookings are available in the 'bookings' tab of the contact's inspector. Has the contact already been deleted? Through the Yesplan query language, you can search for contact bookings and delete them manually against the various events: 

    • Activate the search box by clicking on “Search” in the navigation menu. 
    • Enter the following query if you want to search for John Doe: contactbooking:name:"John Doe"
    • The result of this query is a list of all contact bookings for this contact. 
    • Click a contact booking to open the inspector. 
    • Click the button at the bottom right of the inspector to reach the event the contact is booked for. 
    • Remove the contact booking manually on the event. 

To facilitate this, Yesplan will develop a function in the future to enable you to remove these contact entries in one go. However, this function is not yet active. You will hear more about it in a later release.