GDPR and Open CRM
The General Data Protection Regulation (GDPR) came into force in both the UK and the EU on 25th May 2019.
It completely changes the way we think about personal data.
To help the users of Open CRM, we have put together this page to guide them through where to find the best information about their responsibilities, how to use Open CRM to meet these responsibilities, and how we as a company have implemented our own changes in the face of GDPR.
Resources Available on Request
- Data Retention Workbook
- Right to be Forgotten Workbook
- Considerations with your Customer Portal
- Recording data processing consent
When it comes to data about an individual or company, GDPR guarantees you a number of rights, including…
- Knowing where the data came from
- The ability to correct inaccurate data
- Being kept informed about how your data is processed (and able to object to this processing)
- Requesting a copy of the data
- Having to explicitly opt in to receiving marketing communications
- Asking for your data to be removed
That means we as a data controller…
- Tell you what data we hold on you and where we got it (and let you know when we are collecting more)
- Have documented data processing policies (and give you information about these)
- Provide you with the ability to check and update your data
- Have data retention policies in place so we don’t keep data longer than we need it
- Obtain your consent for sending you any marketing communication
- Work with you (and within our legal requirements) to erase any data you don’t think we should have
We also have a responsibility to protect your data to the best of our ability. To ensure this, we…
- Follow best industry and development guidelines for all systems and servers
- Carry out 24/7 monitoring on our data centres
- Ensure all servers and PCs are kept up to date and patched
- Have documented data processing and retention policies
- Train our personnel on best practices and our own procedures
- Regularly review these procedures and policies
- Find out more about our commitment to security on our Security overview page
- We have also achieved the Cyber Essentials Plus certification
But what if something goes wrong? Well, if we were to ever have a data breach, we would…
- Notify you within 72 hours
- Provide you with information regarding the data that was affected
- Notify and work with law enforcement and forensic investigations (as necessary)
- Carry out a full internal investigation
- Make any and all necessary improvements to protect against such a breach in future
We’re here if you need us
Get in touch with our team to chat about how you can use Open CRM to meet your GDPR requirements.