OpenCRM & EU General Data Protection Regulation

14 Dec 2015

You’ll have heard the rumours about the new EU data protection regulations that are due out soon…I say soon instead of a particular month because so much of these regulations remain unknown. And that’s not just the date of release, which seems to be ever fluid, but also what the contents of the regulations will be.

There are three parties that are currently in ‘trilogue’ to decide which elements of their three different drafts will be implemented. It isn’t easy to get a clear idea of what the new responsibilities will be, but there are some features, big picture items, that sound like they are going to be part of the core of these regulations.

The detail of how each will work is also unclear, but here’s an idea of how OpenCRM can help you manage your data when the new regulations are finally introduced.

Data access

The new regulations will require companies to provide people with the ability to edit and change the personal data they hold. You can give your customers (and other data subjects) the ability to view and edit the information you hold via the free Customer Portal.

Right to be Forgotten

Although you have always been able to delete records from your OpenCRM system, making them inaccessible to the general user, it is now much easier for your administrators to permanently delete a record. Doing this will ensure that individual’s data is completely gone, with no ability to restore it to your system.

Consent to Data Processing

As we will all now need to have consent to process someone’s data, the first step will be to record this consent and use it as a required filter on any and all automated data processing. Because the Action and Email plans of your system are editable by you, any profiling you have set up via these tools can easily be altered to match the new regulations.

Additionally, should you have any concerns regarding any workflow or calculated fields, you can always get in touch with us to discuss any necessary modifications.

Notification of Data Breach

Although we have never encountered such an event, it has always been our policy to notify our customers should there be a data breach of either our system or our servers. Using this notification, you will then also be able to get in touch with your own customers and any other relevant parties.


In addition to the above four big topics, there are a couple other proposed items in the EU General Data Protection Regulations that we need clarification on before we make any substantial modifications to our system. As with all of our features, we will be keeping our customers up-to-date on the progress of these developments.

Marketing Consent

The idea that consent for data collection, processing, and marketing now needs to be more explicit has given us reason to explore different ways of managing our email opt-out and subscription features in the OpenCRM system. We will, of course, be keeping our customers up-to-date on any changes relating to these features and which of these changes are the result of these new legal obligations.

Data Processing

Once the new rules have been fully published, this is an area where we expect to have some work to do in order to make it easier for our customers to highlight and place processing restrictions for when their own data subjects have given consent and when they have not.

The new EU General Data Protection Regulation is going to have huge implications for anyone who stores or processes personal data. To give you a better idea of how it may affect your business, why not check out some of the articles we’ve been reading: