With the release of Sugar 8.0, Sugar introduced a new Data Privacy Module, this module is a feature aimed at supporting your ability to carry out your Organisations data privacy policies.
What is the Data Privacy Module?
The Data Privacy module allows users to record and action Data Privacy requests in Sugar, just one part of a feature set to support your Organisations ability to comply with GDPR.
The Data Privacy module will not be automatically enabled, therefore if your Organisation wants to make use of this great new feature it will need to be enabled by a System Administrator user via Admin -> Display Modules and Subpanels.
The Data Privacy module will allow end users to log Data Privacy requests which will then be actioned as appropriate.
Within the module there is a “Type” field which displays various different types of data privacy requests that may be made by an individual, such as
- request to erase information
- give consent to process information
- withdraw consent
- and more.
This Type field ensures that end users can log all data privacy requests accurately in one place and at the same time ensures that the DPM knows all details in order to action the request accurately.
How to Create a Data Privacy record
All users that have access to the Data Privacy module will be able to create a Data Privacy record against the individuals’ Contact/Lead/Target record for the request to then later be actioned by either a user that has the Role of Data Privacy Manager or by a System Administrator user.
To create a Data Privacy record, navigate to the “Data Privacy” subpanel -> create a new record, fill out all data necessary -> select save. 
Once the Data Privacy record is created it is a manual task for the DPM (Data Privacy Manager) or System Administrator to action the records.
See the below images as examples of how the DPM can mark which fields need to be erased as per the request and then go ahead and complete the erasure.
Once the value is erased, a “Value Erased” pill will display as below. This is a placeholder for where the value previously appeared. Users will still have the ability to overwrite the “Value Erased” pill in the future if required.
It is important to remember that erasure can only be performed if the “Type” has been set to “Request to Erase Information” and the “Status” of the Data Privacy record is set to “Open”.
Why create a Data Privacy record and not just delete?
In order to comply with the data privacy policies that were implemented with GDPR, the release of Sugar 8.0 has the functionality that allows fields marked as Personal Information to be erased immediately and permanently. Deleting a record in Sugar does not immediately remove this from your Sugar database. The record will be marked as deleted in the database so that it no longer appears in the Sugar instance and visible for end users (= soft delete), however, it will not actually be removed from the database until the scheduler runs next (= hard delete, scheduler interval is set to once a month and is inactive by default but can be amended per instance).
Fields can be marked as Personal Information via Admin -> Studio:
Please Note
In List View of a module a name value is usually displayed as a clickable blue link, if however, it is a name value that has been erased but the record still exists, then an icon (see below) will display next to the “Value Erased” pill and by clicking this icon the record will display in Record View.
If you have any further questions on how to use the new Data Privacy module in Sugar please contact us using the below link.
