Manage your privacy settings (GDPR)
Updated on 20 Oct 2021
As a company, you need to collect, store and handle people’s personal data. Under the GDPR, you now need to have a lawful reason as to why you want to store this information. Gain an overview of your key GDPR settings available in SuperOffice CRM in this guide.
The General Data Protection Regulation (GDPR) provides citizens of the EU with greater control over their personal data and assures that their information is being securely protected across Europe, regardless of whether the data processing takes place in the EU or not.
All businesses gather personal information about their prospects, customers, suppliers and business contacts. This is typical information that is stored in your CRM database, and you need to be able to document and handle it according to how you run your business and the GDPR requirements.
To make it easier, SuperOffice CRM has a set of privacy features called Consent Management, designed to help you document when, how, and why new personal data entered your CRM solution.
SuperOffice CRM covers your documentation needs
There are several ways the information about persons and their personal data gets stored in SuperOffice CRM. It may come from manual registration, via email, through chat, service tickets, web forms, or integrations to other back-end systems.
Regardless of how a person "enters” the database, SuperOffice CRM offers the documentation a company needs for the WHY, HOW and WHEN new personal data enters the system.
This means that you are responsible for defining policies that are GDPR compliant.
Then you can set SuperOffice CRM to automatically record:
- the correct purpose (WHY you are storing the information on a particular person);
- the legal base (GDPR article 6.1 – Lawfulness of processing);
- the source/origin (HOW this person entered SuperOffice CRM, for example: manual registered, via web form, email, etc.);
- the date and time (WHEN the information on a person was entered),
- who did it.
To help you meet the GDPR requirements, SuperOffice CRM contains a whole set of features.
From the start, there are some default settings that you can change to fit the way you work, and there are additional options to support how your company gathers and handles personal data.
Ask for consent
The GDPR outlines what is regarded as lawful reasons to handle personal data and requires you to gain the person’s consent to store their data and respect their privacy.
In some cases, you need to ask for explicit consent to collect and store personal data. This could be relevant if your business collects sensitive personal information about a person. It is also common practice to ask for consent up front when securing personal details via inbound marketing methods.
Whenever explicit consent is needed, then the GDPR states you must document the consent itself, as well as where it was collected, when it was collected and by whom.
This is what you achieve by using the consent management fields in SuperOffice CRM:
- Legal basis: where you can document the reason of why you want to store and use an individual’s data;
- Purpose: where you can document what you are going to use the data for;
- Source: where you record how a contact’s personal information was collected. This can be anything from getting a business card, to receiving an email or someone filling out a web form on your website.
What types of purposes, legal bases and sources you need to use will depend upon how your business collects personal data and for what reasons and purposes. Once you have identified this, you are able to define these fields inside your SuperOffice CRM.
Define privacy and consent requirements
To define these fields, you can go to the Settings and Maintenance module and select Privacy. This is where you can define the different consents your business requires to document and store data.
There are two default purposes already created in the system for you to use:
In Settings and maintenance you can define privacy and consent requirements
The first, Sales and Services, suggests that the reason you store personal data in your CRM solution is that you want to sell and/or service the contact with your products and services.
The second, E-marketing, states that your purpose for storing the information is to send marketing material to a contact. In a lot of European countries, this purpose requires explicit consent especially when sending marketing materials to prospects.
These purposes may or may not be the right consents for your company to use. Based upon your own company’s privacy policies, you need to:
- Define what privacy fields are right for your company;
- Set up the privacy settings according to the consent documentation you need;
- Update, add or delete all the reasons your company needs for storing consents.
Did you find this information useful?
In this article