Case management capabilities

Meeting the Need

The General Data Protection Regulation (GDPR), and aligned UK Data Protection Act 2018, has placed a significant responsibility on all companies holding individual data of EU residents in terms of ensuring the proper handling of Personally Identifiable Information (PII). Organisations are now required to respond to individual requests to exercise their GDPR-bestowed rights, such as the right to access, right to erasure and right to data portability. The implementation of large-scale regulations, such as the GDPR, requires that organisations address how such compliance measures will impact their day-to-day operations.

Critical factors to consider on the path to compliance include how regulations affect organisational workflow, internal & external communications and employee collaboration. Civica has 20+ years of experience in enterprise case management, offers a robust platform that has been specifically tailored to the requirements that the GDPR requires. Civica's Case Management platform, powered by iCasework, offers a robust, comprehensive environment designed to handle all aspects of GDPR-related requests. Our approach to effective case management is based on a strong focus on case workflow, secure communications and configurability.

Case Workflow


The Case Management platform features a highly intuitive, straightforward workflow that facilitates an easy transition from one stage to the next in terms of managing GDPR-related cases. We offer a high level of configurability that empowers your organisation to fully control workflow accessibility based on your requirements. Our solution offers multiple customisable user types that enable access to functionality based on their role within your organisation. For example:

  • Frontline Users (e.g. from a contact centre) may be able to create new cases, but have limited capability to work on the cases
  • Case Handlers can have varying degrees of access to increasingly complex case management features
  • Power Users, such as administrators and management, would have access to the full array of functionality such as reporting, analysis and internal performance metrics.
GDPR Focused

Unlike generic case management systems, Civica's Case Management platform is designed specifically to manage GDPR related cases. Whether via email, contact centre input or a website form, customers have multiple options to initiate requests. Upon receipt, the solution automatically assigns a unique case number and enables your case handlers to specify the type of GDPR request (i.e., subject access request, individual’s right request, disclosure request or incident / breach). All files, documents, photos, graphics, audio and other media sent by your customer are immediately associated with the new case and can be accessed at any time.


The workflow is highly intuitive — case management processing is facilitated by straightforward “What’s next” and “What’s done” content sections. Case handlers simply follow the steps from initial assessment to case closure. There is no room for error, as each stage is based on the exacting requirements needed to comply with the GDPR regulatory framework. This includes opportunities for internal collaboration with colleagues as well as customised templates that support external communications with customers.

Keeping Track

As with all compliance driven workflows, accountability of actions is of paramount importance. This is equally true for the GDPR and is facilitated by a pair of features

  • Timeline is an event-driven interface that displays the progression of completed tasks over a case’s lifecycle.
  • Audit Trail is a user-driven interface that conveys exactly what actions were taken according to the user who performed them, including user access records


At the heart of the Case Management platform is its secure, self-contained communications feature set.

Case-related email messages between your organisation and your customers are performed entirely within the Case Management platform environment, effectively enabling you to centralise all content in one location. All messages and their associated content, such as media and documents, are recorded and kept for easy reference within the system. Customised GDPR-friendly templates and configurable branding allow your organisation to send bespoke corporate messages from the Case Management platform. When customers reply to your emails, the content—and all attachments—are automatically associated with their case for future reference.

In line with the core intent of the GDPR, Civica's Case Management platform offers a highly secure self-contained structure when communicating externally with clients. When sending a message, simply tick the “Send securely” checkbox to enable a password-protected logon procedure that allows customers to access their sensitive data from the security of the Case Management Platform. To learn more, please see Secure data delivery. Internal communications are facilitated by integrated workflow processes and collaborative features designed to spur engagement between your employees. For example, a customer may request specific content relating to their history with you (i.e., a subject access request). In these instances, case handlers are presented with a task link entitled, “Get information” that enables them to easily contact colleagues within the system and even external users not in the system. All case details are automatically associated with the message and task alerts are auto-created for recipients. A simple click of the “Collaborate” link enables your case handlers to immediately message a colleague or initiate the online chat feature. The system records & retains all communications and associates them with the active case, effectively creating a reliable reference record.


The flexibility of Civica's Case Management platform is made possible by its built-in configurability. Options can be defined; forms can be customised and workflows can be configured so that the Case Management platform is aligned with your specific business needs. Throughout the design and implementation process, we work with you to create a case management framework that empowers your enterprise to successfully meet GDPR regulatory requirements.