ABPro and GDPR
Two features can help you maintain GDPR compliance when using ABPro.
- Use a required UDF checkbox to obtain the customer's permission to store the personal information required for the appointment booking.
- Use the GDPR screen to allow the customer to see and, if they wish, remove all their data. (version 4.0.3 RC5 and above)
A UDF checkbox
As a first step in your GDPR compliance, you can add a simple UDF (User Defined Field) to your booking screen that requires customers to grant you permission to store their name and email address as part of an appointment booking.
This shows your customers that you are concerned about their personal data and solicits an acknowledgement that they are okay with you collecting it.
The above message is just an example, and you can tailor it to your business, maybe providing a phone number or email address if the customer wants their data removed.
To do this, create a required, checkbox type UDF, adding whatever text you feel is appropriate.
The GDPR screen
ABPro does not store 'user' information, only 'appointment' information.
The GDPR screen will let your customer see all data stored for their appointment.
ABPro creates a GUID (Globally Unique Identifier) for each booking. It serves as the cancellation id in ABPro, and can now also be used as the GDPR key.
You can include a 'GDPR Key' in your confirmation email using the token [cancellation_id], like this:
GDPR key: [cancellation_id]
Create a menu to call the GDPR screen. If you would rather call from a link, you can make the menu hidden and use a link based on the URL that Joomla creates for the hidden menu.
The first screen displayed will prompt for the GDPR key.
The customer enters the GDPR key you provided in the confirmation email and clicks 'Next'.
The booking information, including UDFs, is shown.
The header and footer text can be set in the menu setup screen, advanced tab.
If your site does not allow customers to cancel appointment bookings, the cancel section will not be shown.
In that case you will need to explain, in the header or footer, how the customer can contact you to get their booking cancelled and their data removed.
When they hit cancel, the booking will be cancelled and name, phone, email, and UDFs will be replaced with filler text.
If the customer accesses their booking information again, they will see the filler text in place of their name, phone, email, and UDFs.
By design ABPro has no facility to automatically delete any data once an appointment has passed.
ABPro does provide tools to let your administrator delete old booking data.
How often you purge old booking data is up to you.
Two ways to purge old data are:
- From the back end Administrator, Appointments screen, filter by a date range then select the bookings and hit 'Remove'.
- In the Backup/Restore screen there is a function to purge all data older than a user-specified date.
As in all ABPro screens, the text for the screen is in the language file and can be altered as you require.