General Data Protection Regulation (GDPR) / EU-DSGVO
We’ve put together an overview of the GDPR and Revamp CRM, and answered your questions to help you work within the new regulations.
This post is to assist you in using Revamp CRM, but should not be regarded as legal advice. If you have questions on how the GDPR will affect your business we recommend you seek legal advice.
What is the GDPR?
On May 25, 2018, a new EU privacy regulation will come into effect called the General Data Protection Regulation (GDPR). It imposes tougher obligations on businesses with regards to how they collect, store and manage personal data of EU citizens, regardless of whether the data processing takes place in the EU or not.
Does the GDPR affect Revamp CRM customers?
The GDPR will affect anyone who stores personally identifiable information of any EU citizen. Personally identifiable information can be a name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more.
What is Revamp CRM doing to prepare for the GDPR?
We’re committed to your data security and privacy. In light of the GDPR we have reviewed our data processes and practices to ensure we’re fully compliant by May 25, 2018. For example we are:
- Putting in place a new Data Processing Agreement which we and you agree to undertake from May 25, 2018 onwards.
- Updating both our Terms of Service and Privacy Policy to ensure our compliance in respect of the data we hold about you.
- Reviewing Revamp CRM’s functionality to consider whether we can make any improvements that make Revamp CRM more efficient for users who are subject to the GDPR.
A helping hand with compliance
GDPR emphasis on respecting your customer’s data and processing only the data that you need. We already have features in place to help you manage your customer’s data correctly. Here are some suggestions to help you with compliance:
Recording consent
With the GDPR you need to have lawful basis for processing personal data, consent is one of them. If you need to record consent, you could choose to add a Custom Field such for consent and can also choose to add a date field to record when consent was given. You could also use Revamp CRM’s tag features to tag contacts who have consented to you contacting them again.
Deleting data permanently
You may wish to remove data that is no longer being used for its original purposes before May 25. Also, under the GDPR there is emphasis on the right to be forgotten, enabling an individual to request that their data be deleted. You can delete a single contact and also delete a list of contacts. These deleted records are permanently deleted.
External Resources
If you’re looking to understand more about GDPR, we suggest you review the advice given by the UK Information Commission Office (ICO), they are responsible for implementing the GDPR legislation in the UK. They provide practical advice such as an overview including key areas for Data Controllers to consider and get in place for May 2018, along with their 12 steps to take now.