SuiteCRM GDPR compliance
The General Data Protection Regulation (GDPR) is a regulation drafted and passed by the European Union (EU) that provides significant protections for the privacy of personal data of people in the EU. It imposes obligations on organizations anywhere in the world, so long as they target or collect data relating to people in the EU, and it requires businesses to protect the personal data and privacy of those individuals for transactions that occur within EU member states.
With the GDPR, the EU member states are signaling a firm stance on data privacy and security at a time when more people are entrusting their personal data to cloud services and breaches are a daily occurrence.
As data intelligence becomes more important for companies that want to understand and serve their customers better, it is critical that they remain accountable to every individual's right to privacy and security. When your organization uses a CRM, it is all the more important to process and handle customer data lawfully.
A complete SuiteCRM GDPR compliance solution
The SuiteCRM Data Privacy (GDPR) solution provides companies like yours with the tools to build trust while enhancing the customer experience. It is not just about meeting the GDPR's regulatory requirements; it builds data-privacy best practices into how you do business. It is an opportunity for you to build a relationship with your own customers based on trust and transparency.
Data Privacy Manager (DPM)
The Data Privacy Manager (DPM) is the user role that leads a comprehensive solution for effective personal data management. This saves time, contributes to a culture of trust, and encourages responsible behavior toward data management and data security. An admin user creates a Data Privacy Role, assigns a user to that role, and then selects a Data Privacy Manager from the configuration screen. The DPM is the person who decides why and how personal data will be processed; if you are an owner or employee who handles data in your organization, this is you.
Personally Identifiable Information (PII)
Personal data is any information that relates to an individual who can be directly or indirectly identified: names, email addresses, gender, location information and so on. Each organization has its own needs, so you select which fields count as personal information to suit yours. This lets the Data Privacy Manager (DPM) easily classify the personal data fields of the person-type modules such as Contacts, Leads and Prospects.
Consent management
The GDPR was created to protect personal data and to give individuals control over how and where their information is used. An organization needs a lawful basis before it uses personal data; where that basis is consent, the consent must be obtained before processing starts, which is often referred to as "opt-in".
The consent management form helps you obtain consent from your prospects and customers. You can send a consent form link, include it in your email templates, set consent-related preferences and, most importantly, keep track of consent details. Consent status can be tracked for individual records and for records in bulk. Consent can be captured in several ways: through the consent form, by updating it manually, or via the GDPR privacy request form.
Data Privacy Requests
Data privacy requests cover opting in or out and the exercise of the data subject rights defined by the GDPR. A web form exposed to end users is tailor-made to let them submit data privacy requests: Request for Data Access, Rectify Information, Request to Erase Data, Request for Portability, Restrict Data Processing, Consent to Process, or Withdraw Consent. This gives a simple way to provide information to data subjects and to fulfil their rights.
Managing data subject requests
Right to access
When a customer requests data access, whether by filling in the GDPR request form, by email or by phone, the DPM reviews the request and can export the data in the PII category to Word or PDF format as needed. As with erasure requests, the requester's identity should be verified before any export is released. Once the request has been satisfied, the DPM closes the Data Privacy Request by pressing the Complete button on the detail view of the Data Privacy record; the system sets the Closed date to the current date by default.
Right to erasure
When the DPM receives an erasure request, they review it and verify it against the proof of identity and proof of address the customer supplied with the GDPR data request form. The detail view of the Data Privacy record has an Erase Info button; it opens a popup listing records from the supported modules whose email address, or first and last name, match the request. Because a name match alone can return several different people, the listed records should be checked before anything is erased. Based on the selection, the popup also shows the related Calls, Meetings, Emails, Tasks and Notes. The DPM can then choose Anonymize, Delete or Archive. Anonymize replaces the value of each PII field with "****" so that the record can no longer be identified.
Right to object to data processing
The right to object to data processing is also known as Restrict Data Processing. When a customer requests a restriction, the DPM reviews the request and can either complete or reject it. Completing it sets the "Restrict Processing?" field on the related records in the supported modules, so that in future any user can filter on that flag to exclude the customer from a Target List for a marketing campaign or from any other form of follow-up.
Right to portability
When the Data Privacy Manager receives a portability request, they can complete or reject it in the system. Rejecting the request requires a reason to be entered. Completing it opens a popup with the option to export the data that falls in the PII (Personally Identifiable Information) category as a PDF or Word file, which the DPM can then send to the customer by email or as a printed copy, as company policy requires. Note that the GDPR describes portability data as being provided in a structured, commonly used and machine-readable format, so check whether a PDF or Word export meets that requirement for your situation.
Right to manage consent
One of the simplest ways to obtain consent is a data capture form on which the customer selects the consent options: Marketing Email, Call, SMS, Postal Marketing or Business Processing. The solution adds a list view action that sends an email containing a link to the consent form, so customers can select their own opt-in choices; those choices are captured automatically when the form is submitted. The system also updates the consent data, such as the date consent was last updated and the consent status (Pending, Waiting, Obtained or Not Responded). If no consent has been received within 30 days of sending the form, the system automatically finds the records that have been waiting for 30 days and sets their status to Not Responded.
Right to withdraw consent
Just as consent is obtained, a customer can withdraw it at any time by filling in the request form and choosing the options they wish to opt out of: Marketing Email, Call, SMS, Postal Marketing or Business Processing. When the DPM receives the request, they can complete or reject it. Completing it automatically updates the related records according to the withdrawal options the customer selected.
DISCLAIMER: As a data controller, you are responsible for safeguarding your customers' data and for taking measures to ensure the effective implementation of data protection in your CRM systems in order to comply with the GDPR.
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. We do not provide legal, accounting or auditing advice or represent or warrant that installation of Urdhva Tech's Data Privacy module will ensure that clients are in compliance with any law or regulation.