GDPR is a comprehensive set of rules designed to empower EU citizens by putting them directly in control of how they want their data to be processed and protect their data privacy due to the increasingly complex nature of personal data transmission across the world. Listed below are the various GDPR specific options available in Bigin's API across different end points
The content presented herein is not to be construed as legal advice. Please contact your legal advisor to know how GDPR impacts your organization and what you need to do to comply with the GDPR.
The following changes to the API are applicable only for modules which have GDPR Compliance enabled.
The key privacy_settings in the Organization API determines if the org admin has enabled GDPR compliance for that org. The data type of this field is boolean, i.e true/false.
If privacy_settings=true, GDPR Compliance is enabled for the Org.
If privacy_settings=false, GDPR Compliance is disabled.
A field in Bigin named Data Processing Basis Details will carry the lawful data processing basis for the particular record. You can determine the values in this field based on how you want to process your customer's data.
Currently, this field is supported only in Contacts module.
Records API - INSERT
When Inserting or adding a record, the Data Processing Basis Details key must be given in the POST request. This new key contains the details of the consent form that is accepted by a customer. In another sense, within a request, this key can be used to add consent details to a particular record.
The values in this key are in the form of a JSON Object.
The same request pattern is to be followed for Update and Upsert records APIs.
If the Data Processing Basis Details are not specified when inserting a record, Data_Processing_Basis_Details key becomes null.