How can my CRM software help with GDPR compliance?
Your CRM software is a vital tool to achieving and maintaining GDPR compliance.
Consider a scenario where your business policies clearly state that you only need to collect name, address, and email information, to carry out the required service to your customers, then your CRM needs to be configured such that this is all it is able to collect and store. Your CRM should not allow users to enter any other personal details such as age, relationship status, etc.
All your sales reps using the CRM need to be informed and trained on the implications of the GDPR. Because your CRM holds records about individuals you sell to, it is vital that you can identify where, when, and how the records have entered into your system. In Freshworks CRM, the 'Source' field of a Contact is to answer that question.
Bulk emailing/cold emailing individuals:
If you use the bulk Email or Sales Sequences features in Freshworks CRM for email campaigns you need to implement an “Opt-In” process for gaining permission to email to the individual stating when you gained the email address, and what you intend to do with the email address. For instance, let’s say you run a business that sells two products—A and B. If you get an individual’s details through a sale of Product A and then you start emailing them about Product B, this could be considered a breach of GDPR. You can mitigate this by setting up multiple opt-in conditions.
Phone calls/Cold calling:
The GDPR currently does NOT prohibit you from making calls to potential customers but for accountability purposes, you must know when you made the call and how long the call lasted. The in-built phone channel in Freshworks CRM allows you to log calls and make notes and will now also come with the ability to turn on/off call recording at will.
For how long can a CRM store an individual’s data:
The GDPR legislation has rules around this policy which vary in terms of the extent of this data and the length of time it may be reasonable to store this data depending on your specific business needs. For instance, the legislation dictates that say, beyond product warranty period, there would be no reasonable need for a business to retain an individual’s data. Freshworks CRM now has a “Delete” feature that allows you to completely delete contact data from Freshworks. This holds good in the case of backup and archiving as well.
An individual’s rights and requests:
Under the GDPR legislation, an individual can request an update to their information, a report of what information you hold on them and the right to be forgotten. When such requests are made, a good CRM software with robust record management at its heart will make it easier for you to identify the right individual and ensure that this individual has only one record in your system. Freshworks makes it easy to view, export, and delete records in a single click!
User Access Rights:
Before GDPR kicks in, it is advisable that you review your team’s structure and how your team uses your CRM software and accesses the records present in it. Most CRMs will generally allow you to define who has access to what kind of data and has rights to view, modify, and delete the said data.
User Access Rights:
Before GDPR kicks in, it is advisable that you review your team’s structure and how your team uses your CRM software and accesses the records present in it. Most CRMs will generally allow you to define who has access to what kind of data and has rights to view, modify, and delete the said data.