Foreword
Please note, this is not legal advice, nor is it to be construed as anything other than Onyx Garage Software's own interpretation of the new GDPR regulations. As with all legal requirements, it is ultimately the responsibility of the garage/workshop owner to ensure that they are compliant with any legislation/regulations.
It is our understanding that from May 2018, due to the GDPR regulations, it will no longer be possible to record and use customer's personal data without obtaining their express permission. It also appears to require that any data captured prior to May 2018 can only be retained if it was originally captured in a way that is compatible with the new GDPR regualtions. We feel that in practice, unless you have concrete proof that your customer has provided explicit permission for you to retain their data, then it should be deleted from your system. Clearly this will have an impact on how you run your business, for example, how will you be able to check owners for warranty purposes, or send reminders for annual services etc?
Here at Onyx Garage Software LTD, we have created a GDPR policy that sets out how we will prove explicit permission has been given, how we will try to obtain permission from previous customers, how long we will retain data, what we will do with it, and what we will do if we cannot contact the customer to obtain their permission. You may wish to create your own policy.
To assist with GDPR compliance Onyx now provides visual warnings if you haven't captured the customer's permission, and also a couple of ways to capture and record the information. Onyx has three different compliance levels in the options screen, these are:
| • | Off - you will see visual warnings but no other changes, you might use this on the lead up to GDPR coming into force |
| • | Warn - you will be prompted to capture the customer's GDPR consent but you can ignore the prompt |
| • | Enforce - Onyx will not let you continue saving a customer's data if you have not obtained their permission. In this mode you will have to use the 'Cash' sale account to create jobs/invoices/estimates etc. Also, Onyx will exclude any customer's that you have not obtained GDPR consent for from reminders and mailshots etc. |
Please note, although GDPR appears to relate to a person's data, and hence you should not need to obtain GDPR consent for a business, the reality is that you will likely have a contact name and email for a person at the company, and hence you still need a GDPR consent. For this reason, Onyx shows warning regardless of whether it is a person or company.
Detail
Selecting the level of GDPR compliance (Options Screen)
When you create a new invoice or customer account (or use an existing) you will see a new button:
Here you can see the GDPR warning button (!) it means that you have not yet captured the customer's permission to record and process their data
Once you've entered the customer's name etc, you can press the button and you will then see:
GDPR Consent screen.
At this point you can load a saved image (if you have scanned a form), you can print a new GDPR form that the customer can sign (you can then either scan the form or file it and enter a comment to say that you have done this), or you can use Onyx Mobile to capture the customer's consent.
If you select to print a new GDPR form, you will see the next screen:
This is the GDPR Form screen.
You can see the default text of the letter (with some HTML formatting). If the default text doesn't suit your needs, simply edit it and it will be saved for the next customer. Once you're happy with the text, press 'Merge to letter' and you will see:
If you decide to use Onyx Mobile then press 'Get from Device' you will then see the following screen:
Follow the instructions and then in Onyx Mobile you will see the following:
Once the customer has signed, then press 'Send' and you will then see the following screen:
You can edit the mobile form via Maintenance -> More -> Design Mobile GDPR Form:
We've also added a new column to the customer list screen so that you can see which customer's you have captured GDPR consent for, to display this field please open the customer list screen (Maintenance->Clients) and then press the field selector and then select GDPR:
To contact previous customers you can use the customer contact screen (Reports/Letters/Account Manager->Customer Contact), then use the filter to select customer where GPRD = false:
Now you will only see customers that have not given permission, you can now email or send letters to them (before the GDPR regulations come into force).
We will continue to monitor GDPR and will update Onyx as required.