Note: This article only applies to Community Admins, Brand Super Admins, or applicable custom roles. For more details on Studio access, please refer to the Defining Roles and Restrictions article.

As of May 25, 2018 the European Union's (EU's) General Data Protection Regulation (GDPR) affects all companies processing data from EU citizens. Firstup has features that empower our customers to comply with the GDPR requirements, though the regulation only applies to the data of employees with citizenship in the EU. If you do not have employees located in the EU, you still have the option to leverage these features for your community but are not required to do so.

To comply with GDPR, we have the following features:

• Data portability: Users will be able to request an export of their data directly through the member experience and Community Admins and Brand Super Admins will be able to export a user’s data from the Users page in Studio.
• Right to be forgotten: Users will be able to reach out directly through the platform to request the erasure of their data and Community Admins and Brand Super Admins will be able to forget a user’s data from the Users page in Studio.

Configure GDPR Contacts

Brand Super Admins can add one or more email addresses to be contacted by GDPR requests. This email address will be contacted when users request to export or erase their personal data.

Customize who on your team receives GDPR request emails from your users by navigating to Configure > Security > Legal in Studio.

If adding multiple email addresses, you must add commas between the addresses.

If you do not see this option on your Legal page in Studio, it means that GDPR features have not been enabled for your community. Please reach out to your Customer Success Manager to enable them.

Note: A GDPR contact is mandatory.

Export User Data

Export Data is to be completed after receiving a request from a user.

If you are looking to export the data about more than one user, please refer to Review or Edit User Data and Roles - Exporting Users instead.

How to export data for one user:

1. Sign in to Studio.
2. Navigate to your community's Users page.
3. Search for the user who requested the data export by email or name.
4. Click on the three dots to the right of the user to select Export Data.
   
   
   
   
5. After selecting Export Data, exports can be downloaded by navigating to Configure > User Exports and clicking on the export.
6. Respond to the user with an email that includes the exported .csv as an attachment. Create a new email if you are not able to reply directly to the user.

The Export Data button does NOT trigger an email to the user. Per the requirements of General Data Protection Regulation (GDPR), the request for the exported data must be fulfilled by the Data Controller (your Organization), the request cannot be fulfilled by the Data Processor (Firstup). 

Forget (aka Erase) User Data

To be completed after receiving a request from a user.

1. Sign in to Studio.
2. Navigate to your community's Users page.
3. Search for the user who requested the data export by email or name.
4. Click on the user to view the user's details and select Forget User (GDPR).
   
   
   
   
5. You will be prompted to confirm that you want to proceed with this irreversible step. Forgetting a user does the following:
   • The user's personal data is erased, all other data for their record is anonymized, and they will no longer be able to log into the web experience, mobile apps, or Studio.
   • If you try to look the user up later, you will find no results by email or name. The account will appear as a Deactivated profile with a name such as "ForgottenUser".
   • Note, the Deactivated status does not prevent the user from creating a new account with the same email - see the re-registering note below.
6. Respond to the user with an email confirming that their account has been erased. Create a new email if you are not able to reply directly to the user.

The Forget User button does NOT trigger an email to the user. Firstup is not able to automate a reply to the user, as the user's email and device information has been erased from our system.

Note: If you create users through one of our provisioning tools such as a user data file or API, you must remove this user from your user creation pipeline before the user is forgotten. If the user is not removed from your user data file, at the time of your next file upload the user will be re-added to the platform as a created user including custom attributes provided in the file. This will violate their expectation of being forgotten.

Forgotten Users in the Member Experience

The author for posts published by forgotten users will display as 'Former User' in the web experience and as an anonymized user name in the mobile app. 





Clicking on 'Former User' (in the web experience) will take you to the user's profile which will be anonymized.



Comments posted by forgotten users will display 'Anonymous' as the author in both the web and mobile app.

Forgotten Users Re-Registering

If a forgotten/erased user chooses to re-register, they would be able to create a new account using the same email that was forgotten (our system will not recognize their email or employee ID or nameID as having previously registered). Do not use Forget User to handle a user that needs to be stopped from accessing your community (such as a separated employee). We recommend using the Deactivate User option to stop a user from accessing the community.

What Data Does Firstup Collect?

Please review the attached spreadsheet for more information about the data we collect on each user. For any definitions for metrics you are unsure about, refer to our Glossary of Terms.