While the GDPR has attracted much attention in the tech world, it’s usually in the context of websites and cookies. However, it applies to any collection or processing of personal data, including on CRM software. Here’s how you can comply, says. Felix Sebastian, Managing Editor, Termly.
CRM Features-Basics of GDPR
The General Data Protection Regulation (GDPR) is a European Union (EU) data privacy law that has been in legal force since May 25, 2018. This law sets rules regarding the processing of personal data of the residents of the European Economic Area (EEA) and Switzerland.
Under the GDPR, processing means any use of personal data, including collection, while personal data is any piece of information that identifies or relates to a specific individual (who is known as the data subject).
The GDPR’s key measures to protect the privacy of its data subjects include legal requirements to:
- Get consent before collecting and processing personal data
- Secure personal data
- Give customers the right to see the data businesses hold, to correct it, and to ask businesses to delete it.
Scope of GDPR
The GDPR applies whenever either the data processor/controller, the data subject, or the processing itself is located in an EEA member state (or Switzerland).
The law applies to both data processors (the people and businesses that actually handle the data) and data controllers (the people who make decisions about how to handle the data).
That’s significant, as your use of customer relationship management (CRM) software comes under the scope of the GDPR.
Unlike some data privacy laws, the GDPR has no minimum size thresholds in terms of revenue or number of employees: any business that processes personal data is affected.
GDPR & CRM Software
CRM software incorporates a range of tools and processes that enable a business to organize data about its customers. This means that the use of CRM software inherently involves the processing of personal data, triggering GDPR requirements.
When you are choosing or configuring CRM software, make sure it allows you to carry out these four key GDPR-related tasks.
While the GDPR lays down six legal bases for collecting personal data, many CRM software users rely on getting the data subject’s consent.