The General Data Protection Regulation (GDPR) is a new law that significantly extends and strengthens the current data protection laws. It gives consumers greater protection and more control over how their personal information is collected, stored, shared and used.
EMACS has incorporated additional features (please see below) to aid you in protecting your clients' personal data. Before we can upgrade your system to the GDPR compliant system, please complete THIS FORM.
While we have endeavoured to do everything that we can to aid your compliance, ultimately it is your responsibility to ensure that you have provided adequate training and allocated appropriate system access to your bodyshop team in order to gain GDPR compliance.
Please Download For Complete List Of Changes
Please make sure that all EMACS users receive a copy of the List Of Changes.
- Additional Data security
  - Your EMACS database has been fully encrypted
  - Data transfer between ARC-AiDE and EMACS Server has been fully encrypted
  - Your EMACS data backups have always been encrypted but are now secured with a 3-stage encryption process.
- Enforce passwords and min complexity
  - You have the option to choose a minimum password length and special characters (if required)
- EMACS Reports
  - All EMACS standard reports have been audited and personal data has been removed where it is not required
  - All reports (including custom reports) now have the name of the person that ran / printed the report and a date/time stamp.
  - All custom reports will be reviewed post upgrade; we can delete any that are no longer required.
- Remove all personal data from the shop floor. This includes:
  - Job Spec
  - ETRAC (Time Recording Unit)
- Data retention
  - We are going to be purging (deleting) data after a specified time frame (chosen by you)
  - We have the ability to exclude certain Payment Methods, Manufacturers or specific jobs (as requested). This will cover any extended / lifetime warranties.
  - For those customers that keep ALL data for warranty purposes we can introduce an Archiving system.
- Configure user access to personal data
  - Warning on login for GDPR – System wide
  - New user options of view / edit to restrict who has access to personal data
  - Added user control to restrict who has access to ELINC
- Configurable Courtesy Car Agreements
  - This feature has always been available. Your courtesy car T&Cs (and a small section on the front of agreements) can be changed to show warnings regarding the use of personal data, as requested.
- Compliance with the new data subject rights
  - The right to be informed
    - Your own privacy information documentation is your responsibility. This document can be added to your EMACS Standard Letters if required.
    - New Job Data History Report has been added with legal basis that shows where personal data is being held on that job and what has been changed.
    - External Links Report has been added so that your Bodyshop team can be aware of which systems they need GDPR notifications for.
  - The right of access
    - Job Data History should provide a suitable access report on the personal data being held for a job, as this also details import and export from Audatex / other estimating and linked systems.
  - The right to rectification
    - Staff that already have access to edit personal data can make those changes, and changes are recorded in F1 comments. Job Data History can be produced to evidence rectification.
  - The right to erasure
    - If a customer requests erasure then the nominated Data Protection Officer or GDPR Owner will need to fill out a form on our website to request the data to be anonymized. This will then be performed by EMACS and confirmed upon completion.
  - The right to restrict processing
    - We have added the ability to Prevent Processing of Customer Details. This feature is only available to people that you have authorised. Once activated (in the event of a data breach) the customer details are held and hidden at this point. Once processing can begin again you can untick the Prevent Processing and the customer's details are restored.
    - Cash customers may not want their data sent to 3rd parties. We have included a function that stops any customer details being exported.
  - The right to object
    - New consent option for direct marketing and preferred method of contact has been added to the customer tab where all contact settings can be changed to suit.
GDPR Upgrade Notifications
- Due to new encryption changes to ARC-AiDE you must ensure that all admin ARC-AiDE devices are using iOS 8 firmware or newer.
- Post GDPR upgrade we will email your DPO or GDPR Owner a list of custom reports that have customer details included. Please review each report and decide which (if any) you wish to remove. This is to prevent future unnecessary data breaches; if there are reports that you do not need we will remove them.
- It may be a good idea to encourage your DPO or GDPR Owner to carry out an internal EMACS audit at this point. If any users have access to areas within EMACS that they do not require (to reports that contain personal data, for example), we can then show them how they can control this locally.
GDPR Upgrade Questionnaire - Must Be Filled In Before Upgrade