We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

Document GDPR consent

In this article

    As a company, you need to collect, store and handle people’s personal data. Under the GDPR, you now need to have a lawful reason for why you want to store this information.

    To make it easier, SuperOffice has a set of features called Consent Management, designed to help you document when, how, and why new personal data entered your CRM solution.

    Ask for consent

    The GDPR outlines what is regarded as lawful reasons to handle personal data and requires you to gain the person’s consent.

    In some cases, you need to ask for explicit consent to collect and store personal data. This could be relevant if your business collects sensitive personal information about a person. It is also common practice to ask for consent up front when securing personal details via inbound marketing methods.

    Whenever explicit consent is needed, then the GDPR states you must document the consent itself, as well as where it was collected, when it was collected, and by whom.

    This is what you achieve by using the consent management fields in SuperOffice CRM:

    • Legal basis: where you can document the reason of why you want to store and use an individual’s data;
    • Purpose: where you can document what you are going to use the data for;
    • Source: where you record how a contact’s personal information was collected. This can be anything from getting a business card, to receiving an email or someone filling out a web form on your website.

    What types of purposes, legal basis and source you need will depend upon how your business collects personal data and for what reasons and purposes. Once you have identified this, you are able to define these fields inside your SuperOffice CRM.

    Define consent requirements

    To define these fields, you have to go to the Settings and Maintenance module and select Privacy. This is where you can define the different consents your business requires to document and store.

    There are two default purposes already created in the section for you to use:

    The first, Sales and Services, suggests that the reason you store personal data in your CRM solution is that you want to sell and/or service the contact with your products and services.

    The second, E-marketing, states that your purpose for storing the information is to send marketing material to a contact. In a lot of European countries, this purpose requires explicit consent especially when sending marketing materials to prospects.

    These purposes may or may not be the right consents for your company to use. Based upon your own company’s privacy policies, you need to:

    1. Define what privacy fields are right for your company;
    2. Set up the privacy settings according to the consent documentation you need.

    It is possible to update, add or delete all the reasons your company needs for storing consents.