Setting up your compliance area FAQs

Welcome to your new Compliance Area.

Below you'll find some quick tips and instant support on how to get started in setting up your Compliance Area on the Volcanic website to support your GDPR obligations. 

For more detailed information that explains Compliance Area in the context of the GDPR, download our guide.  

Where do I start?

The starting point is to upload the details of your data representatives. Without this information saved in the system, Volcanic may not act as your data processor.  

How do I upload my data representatives’ details?

The main data representative must first of all have an admin account in the system.

Next, go to the Compliance tab in the left hand menu of your website’s Admin Area.

Under Compliance, click the Data Representative tab.

From the dropdown menu of all admin users, select your data representative (DR). Check their contact details are correct.

Your main data representative should be the contact you have registered with the Information Commissioner’s Office (ICO).  This could be your DPO or designated data representative. You can also add other DRs as secondary contacts.

Secondary DRs do not need to have an account in the system, but they need one to be upgraded to the main DR. Only the main DR can add a new main DR. 

Will Volcanic help me write my legal messages, consent messages or cookie policy?

Every business will need to write its own policies and bespoke messages, whether these are your terms and conditions, your cookie policy or your legal, preference or consent messages. To find out which cookies are used on the Volcanic website, read our blog here.  The ICO's privacy notices section may also be a useful resource.

Can I change the wording that appears on my candidate dashboard? For example, can I change the titles of legal or preference messages?

Yes. You can edit the wording that will appear on the candidate dashboard and in the legal and preference messages and titles to suit the needs of your business. For example, you may change how the RTBF or Right To Be Forgotten wording appears on the candidate dashboard.

How? Go to 'Global' in the Admin Area and click the Theme Content tab. In the dropdown, select User Dashboard where you can edit the wording as you require.

How do I upload my legal and preference policies?

Go to the Compliance tab in the left hand menu of your website’s Admin Area.

Under Compliance, click the ‘Consent’ tab.

In the top right corner click on the ‘New document’ button.

Under document type, click the drop down menu and select the type of document you wish to upload.  This could be

• Cookie policy

• Privacy policy

• Terms and conditions

• First opt-in message

• Second opt-in message

• Age verification message

Give your document a title - for example Cookie Policy 1.1. Set a version number and then add your cookie policy in the box.

You may now configure the settings to choose where the policy appears:

There are 4 checkboxes:

Active - This makes the document visible on the site.

Needs approval - This makes the document approvable by a user. If you don't select this function it will be set to accept by default, in the same way as your cookie policy.

Include in forms - to set the document to appear in the application and registration forms.

Require accept - This makes the field mandatory in order to submit forms. It is only available if "Include in forms” is ticked and will only appear once you tick the Include in forms box.

To show the new document on your site tick the ‘active’ box.

You can now view the document by clicking the plus next to the document type.

How do I enable or disable the Right To Be Forgotten function on the candidate dashboard?

Go to the Compliance tab in the left hand menu of your website’s Admin Area.

Under Compliance,  click the RTBF tab and tick the ‘enabled’ box in the top right. Unticking this box disables this function.

How does a candidate make a Right To Be Forgotten request?

On the candidate dashboard, underneath their profile picture, the candidate will be able to click ‘Right To Be Forgotten request’. Once clicked, the next screen will present them with an option to ‘submit request’.

How am I notified of a candidate RTBF request?

When a candidate makes a Right To Be Forgotten request, it triggers an email notification to the data representative (DR) with instructions on what to do.

The DR will also receive a reminder email seven days before the request is due to be completed.

How do I enable or disable the Subject Access Request (SAR) function on the candidate dashboard?

Go to the Compliance tab in the left hand menu of your website’s Admin Area.

Under Compliance, click on the SAR tab and tick the ‘SAR enabled’ box on the left hand side. Unticking this box disables this function.

How does a candidate make a Subject Access Request?

On the candidate dashboard, underneath their profile picture, the candidate will be able to click ‘Subject access request’. The next screen will present them with an option to ‘submit request’.

How am I notified of a candidate SAR?

When a candidate makes a Subject Access Request, it triggers an email notification to the data representative (DR) with instructions on what to do.

How do I enable the data portability request function to appear on the candidate dashboard?

Go to the Compliance tab in the left hand menu of your website’s Admin Area.

Under Compliance, click on the SAR tab and tick the ‘User download data’ box on the right hand side.

If you choose not to enable this, we strongly suggest that you make provisions for this request to be made and handled by yourselves in an alternative way.

How does a candidate download their data under the data portability requirement?

If you have enabled this function, on the candidate dashboard within the ‘My Data’ section there will be a ‘download data’ button. When they click this they will download a CSV of their data.

How do I deal with a candidate request to restrict processing their data?

Under the GDPR individuals have a right to suppress processing of personal data. If an individual requests their right to restrict processing you must action this.

To do this you need to go to the Users tab within your Admin Area and search using the Search function for the individual by name.

Bring up their details by clicking on their name and click the ‘Suspend User’ button to prevent any further processing of data.