Disclaimer: The purpose of this article is to help Freshsales users understand GDPR, however, this article cannot be considered as legal advice. We recommend that you speak with your legal counsel to learn how GDPR might affect your particular organization.
What is GDPR?
General Data Protection Regulation (GDPR) is a new legal framework that regulates the collection, usage, and processing of personal data of EU citizens. All individuals and organizations regardless of country of origin, who collect and/or process data from EU citizens need to be compliant. GDPR will come into effect from 25th May 2018.
You can read more about GDPR and Freshworks commitment towards GDPR here.
What is Freshsales doing to prepare for GDPR?
At Freshworks, we’re committed towards helping you achieve GDPR compliance. Keeping that in mind, we are building several GDPR specific features and enhancements.
- Opt-in for Web forms
- Opt-in and Opt-out for Emails
- Storing the consent details
- Easy data export
- Forget Lead or Contact
- Restrict users to send emails when unsubscribed
- Restrict users from exporting customer data via reports
- Restrict users from permanently deleting (forgetting) leads or contacts
- Deleting a User
- Disabling auto profile enrichment
You can read more about Freshsales GDPR related features and enhancements here.
How will GDPR affect sales teams?
Aligning sales processes with GDPR
The GDPR requires transparency around data collection and processing. Both sales and marketing teams should also make sure the data software in use can handle requests from individuals who wish to exercise their rights under the new legislation.
Sales should handle data that has consent. They must know when and how the data was collected and what it can be used for. These individuals should have agreed to be contacted by the sales teams. Sales team should use CRMs like Freshsales that can handle requests around access controls, data portability and processing, and deletion.
Training to manage customer queries on data
When the GDPR comes into effect, it will give customers a lot more control over their relationship with you. They’ll have the right to access, update, port and delete the data you hold about them. With “Right to access” and “Portability,” customers can request a copy of their data at any given point in time. For e.g., if a customer asks you what they have signed up for, how their data is being used or shared across the organization, you should be able to share that with them. Every member of the sales team will need to be trained on these customer rights and the system should empower them to give the right responses.
Improved process rigor
With explicit opt-ins in place, the list of prospects that you can reach out to may come down. But this helps zero in on leads who are truly interested in you, which then leads to better conversion percentages in the long run. Use the CRM to your advantage. Maximise opportunities within the list you have to start with. E.g Features like Lead Scoring can help you focus on the right leads who are more likely to convert, while Sales Campaigns in Freshsales can help you start meaningful conversations with your prospects through well thought out automated emails. Your CRM should be able to help you optimize your sales funnel and get the most out of it.
Does GDPR require to move my data to the EU data center?
Freshsales has multiple data centers including one in EU, you can choose from available plans for options. However, GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on the transfer of personal data outside the EU. GDPR only mandates that such transfers be legitimized through any of the mechanisms provided in the regulation. Some ways of legitimizing transfers are through EU-US Privacy Shield Certification and Model Contractual Clauses. Freshworks uses both ways to legitimize data transfers.
How to create GDPR compliant web to lead or contact forms?
We have introduced an option to include “opt-in” checkboxes along with an editable text area. You can use the “opt-in” check box to record consent of the lead (or contact) and use the editable text area to inform the purpose of consent.
- Go to Web forms in Admin
- Create a new web form or edit an existing one
- Select “Include opt-in option” in the drop down
- Edit the text you want to include along with “opt-in” box to inform the le ad or contact why you are asking the consent for.
How can leads or contacts be marked as ‘do not contact’?
A lead or contact can request to be opted-out of your emailing list. You can easily unsubscribe a lead or contact by following these steps:
- Go to leads or contacts landing page
- Click on quick actions menu (3-dots)
- Click on the “Unsubscribe” option
How can leads from an entire company be marked as ‘do not contact’?
- Go to the leads or contacts list page
- Filter the contacts to you want to mark as do not contact. Use “Account name” field to filter based on company
- Select all the leads or contacts
- Click on “Update field” option at the top
- Select “Do not disturb” field
- Check the field and hit Save. All the selected leads or contacts will be marked as “Do not disturb”
How leads or contacts can be deleted as per GDPR requirement?
A lead or contact can raise a request to be permanently be deleted from Freshsales. In GDPR parlance, this is known as Right to be Forgotten. We have developed a new feature meets GDPR requirement in deleting the lead or contact. To use the feature follow below steps:
- Go to lead’s or contact’s landing page you want to completely delete
- Click on quick actions menu (3-dots)
- Click on “Forget” option
- Confirm the action and the lead or contact will be deleted as per GDPR requirement
How to get double opt-in permissions from prospects to send emails?
Many companies prefer to set-up double opt-in process as a precautionary measure to get the consent from the individual.
Double opt-in is a process where you take consent from the individual multiple times. If you are using web forms to generate leads, then in a double opt-in process you will collect consent once in web form and send an email after submission of the web form to reconfirm the consent.
Follow the below steps to set double opt-in process for leads:
- Create a new custom field for leads of type checkbox called “Opt-in” (You can change the name according to your needs)
- Create a new web form and include the above custom field in the web form
- Create an email template confirming the email. Include “Subscribe” link in this email template
- Create a workflow to send out an email whenever a lead is created to be triggered once with Source field is “Web forms”. You can also add additional conditions to meet your specific requirements
How to get consent from a user before recording a call?
Most of the company don’t collect consent while collecting the lead information. If in some case you need to record the call, you can do so by first requesting for the consent explicitly and only record once the lead or contact provides the consent.
- To record call just click on the red dot beside the call duration and the call will start recording
Note: This option will only be available if you have turned auto call recording off.
How to include unsubscribe link or opt-out option in every sales email?
GDPR mandates that every prospect should be able to unsubscribe or opt-out from your sales or marketing emails.
To enable this we are providing an option to include an unsubscribe link in all the emails you send via Freshsales.
You will have the option to include “unsubscribe” link in the compose window.
- Click on more option at the bottom of the compose window
- Check the “Include unsubscribe link” option. That’s it!
What happens when I unsubscribe a lead or contact?
Whenever a lead clicks on unsubscribe option in an email, or an agent manually unsubscribe a lead or a contact, following behavior is followed:
- “Do not disturb” property is checked
- While sending bulk emails Freshsales will automatically detect leads or contacts who have “Do not disturb” property checked, and not send emails to those particular leads or contacts
- By default in every sales campaign will have an exit criterion to remove leads or contacts wherever “Do not disturb” property is checked. So unless you specially remove this exit criterion, outbound emails from sales campaign won’t go to leads and contacts where “Do not disturb” property is checked.
- Freshsales will warn the User whenever they are trying to send an email to a lead or a contact with “Do not disturb” property checked.
How to see when and how the contact or lead gave their consent?
To help you identify when and how the particular prospect subscribed/unsubscribed from the email list, we have introduced a new event in our activity timeline that captures the date and time a prospect was subscribed and unsubscribed. If the prospect subscribed via Email or Web forms, we also mention that in the event.
We recommend to add an additional custom field to capture the source of consent and update the field whenever you are updating the consent manually, via API, Workflow, etc.
How do I prevent my entire team from sending follow-up emails to leads or contacts who unsubscribed?
To make it easier for your whole sales team to become GDPR compliant we are introducing another setting which will prevent team members from sending email to those leads or contacts with “Do Not Disturb” turned on.
Only Admin will have access to this setting. To enable this go to Admin Settings -> CRM Settings, and enable setting under Opt-in permissions
How to turn-off auto profile enrichment in Freshsales so that customer social profiles don’t appear automatically in CRM?
You can disable Auto profile enrichment feature by going to Admin Settings -> CRM Settings and turn automatic enrichment under Automation settings.
How to completely delete a User from Freshsales?
Not just a Contact or Lead, but a Sales agent can also raise a request to be completely deleted from Freshsales. We are introducing a “Delete User” feature that will delete the Freshsales user completely from Freshsales and the third party providers we might’ve sent the user’s data to.
You can only delete an inactive user. We suggest to transfer the records assigned to the User and deactivate the User before deleting. To deactivate:
- Go to Admin Settings -> Users
- Click on quick actions (3-dots) and select Delete
- Confirm the delete request and hit Delete