The text in this article may include ControlShift's interpretation of the GDPR and/or interpretations we've heard from other organizations. This article should not be considered legal advice. Please seek independent legal counsel to ensure your compliance with the new regulations.
Article 20 of the GDPR legislation creates a "right to data portability," which allows data subjects to "receive the personal data concerning him or her...in a structured, commonly used and machine-readable format."
Data Portability in ControlShift
There are a few ways that ControlShift supports a user's ability to receive a copy of their information.
First, for members with full user accounts, we include an option to download a JSON file of their activity. Users with full accounts can log in and click My Account in the user dropdown menu. From their My Account page, the user will find a Download a JSON File of All Your Platform Activity button in the righthand column.
Second, admins can generate a JSON file of a user's activity, regardless of whether the user has a full member account or not, from their user record page. To generate a JSON file for a user, go to the admin homepage > People > search for the email address > go to the user page > Activity tab > Download a JSON File of this Member's Platform Activity. Admins can then send this information to the data subject.
Finally, depending on your organization's technical capacity, you can also use our Authenticated REST API endpoint to get a record of a member's platform activity. This option may be particularly useful for organizations that want to build a single portal where supporters can export all of the activities they've taken on any platforms supported by the organization. More information can be found here: https://developers.controlshiftlabs.com/#members.
While this article explains how to export a user's activity from ControlShift, it's likely that any given user will have also interacted with your organization through another channel. When a user requests their information from an organization, they should likely receive a copy of all activity across all systems. Therefore, your organization may need to consider workflows that will ensure a user's information is collated correctly.
The GDPR has numerous requirements and hefty fines for non-compliance. The information included here is not legal advice, and we strongly recommend that all organizations using ControlShift seek legal counsel to ensure that they comply with the GDPR and all relevant laws.