GDPR compliant CRM: there is plenty to do – start now

On 27 April 2016 – quite unnoticed by the general public – the European Parliament in Strasbourg passed a law which strengthens the rights of consumers and whose implementation is quite challenging for companies: the EU General Data Protection Regulation (Regulation 679/2016), short GDPR. The two-year transitional period connected with the GDPR coming into effect in May 2016 will end on 25 May 2018. This is the latest time for companies to meet all the provisions of the regulation. Therefore, it makes sense to prepare as early as possible. COSMO CONSULT helps you adapt your IT processes to the new regulations. This applies in particular to the required changes to your CRM software.

Is your company and CRM software GDPR-ready?

“The GDPR entails a massive need for action in the CRM field. CRM systems must be adapted, work processes and work instructions must be adjusted to comply with the new data privacy laws. The scope and the variety of changes represent a major challenge for medium-sized enterprises”, states the lawyer Mag. Peter Harlander, owner of lawoffice.at. His law office specialises in the new General Data Protection Regulation.

Do you have any questions about the GDPR?

^{_{We look forward to receiving your message.}}

Contact

cc|crm gdpr process and data package

Most of the requirements of the GDPR can be implemented best in close cooperation with partners from the legal and technical fields. After all, the due process changes generally concern both fields. For the cc|crm gdpr process and data package add-on, COSMO CONSULT has therefore assured the support of Thiemo Sammern, Managing Director of data.mill GmbH – GDPR, data quality and data storage specialists – and lawyer Mag. Peter Harlander. Together, we have put together a package that helps you make Microsoft Dynamics 365 (formerly Microsoft Dynamics CRM) and your sales and marketing processes GDPR-compliant.

Strictly speaking, the package includes two solutions and thus covers the following articles of the General Data Protection Regulation:

cc|crm gdpr process and data package by COSMO CONSULT:

Right of access by the data subject (Article 15)
Right to data portability (Article 20)
Right to erasure (Article 17)
Right to restriction of processing (Article 18)

data.mill’s solution:

Right to rectification (Article 16)
Principle of accuracy (Article 5 Para 1 (d))

Our solution is GDPR-ready

^{_{The solution has been checked by data.mill GmbH regarding the GDPR and is considered to be GDPR-ready. The associated user documentation is available.}}

cc|crm gdpr process and data package in detail

1) GDPR basis in the CRM system

At the contact level, Microsoft Dynamics 365 for Sales must feature some entities to provide a basis for compliance with the requirements of the GDPR. For instance, the legal basis, the basis of the consent, the purpose of processing, an expiry date and the origin of the contact must be stored.

2) Right of access by the data subject

Data subjects have the right to obtain from the company information regarding whether or not personal data are being processed. If this is the case, the data subject has the right of access to these data. To meet these requirements, data is stored in Microsoft Dynamics 365 for Sales in an accountable manner and hence available at the click of a button.

3) Right to data portability

If personal data is being processed, data subjects have the right to obtain the stored data in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another company. And this without being impeded by the company that provided the personal data. This requirement is ensured in the GDPR package using a standardised export.

4) Right to erasure

Data subjects have the right to obtain from the company the erasure of personal data without undue delay. The company then has the obligation to erase these data without undue delay. Erasing data did not correspond to the CRM mindset up until lately. Due to the GDPR, however, this has become a compulsory feature in any CRM system – and is covered in the cc|crm gdpr process and data package.

5) Right to restriction

a) Of processing

Data subjects have the right to obtain from the company the restriction of data processing. This is mapped by a change of the processing purpose and executed depending on the requirements of the contact.

b) Principle of accuracy

Personal data shall be accurate and, where necessary, kept up to date. This is why every reasonable step must be taken to ensure that personal data that are inaccurate with regard to the purposes for which they are processed, are erased or rectified without delay. Regular, automatic checks of the data are performed to guarantee the accuracy of the data. With the data.mill add-on, among other things, addresses, phone numbers and country codes can be checked and enriched.

For the full legal text of the GDPR, see: http://bit.ly/gdpr-law.

Does this sound interesting?

Then give us a call or send us an e-mail. Together, we will develop a GDPR-CRM-package which is exactly tailored to your business and allows you to feel confident about the future.

Share this page

Contact Us!

COSMO CONSULT International

Address: COSMO CONSULT SI GmbH
Lothringerstraße 14
1030 Wien