We worked very hard to develop new features in Fthirty CRM that will help you to comply with GDPR, the new features for GDPR are introduced in Fthirty. We will try to walk through them in this article for you, so you can get familiar.
What is GDPR?
First, let’s start with what is the General Data Protection Regulation.
Probably till now you are already familiar with GDPR and you have read a lot about this law recently, in case you are not familiar, the General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU). GDPR applies to all companies that are holding and processing personal information for European citizens.
GDPR protects specific data concerning to individuals but there is no exact definition for this and this extends to any information that can identify an individual in professional and public life.
More info can be found here directly on the ICO website.
How can Fthirty CRM help you to comply?
Fthirty CRM is a self-hosted web-based CRM application that helps you to collect, store and process information from individuals, potential customers, and customers,it’s very important to note that you as Fthirty CRM/website/server owner are the data controller that process the information you store. We can offer various features that will help your CRM to comply with the GDPR law, but it’s your responsibility how you comply with GDPR, we recommend that you review your data privacy and security practices.
Every business and company is different and that may affect what you need to do to comply with GDPR. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to you and your business.
Learn more about individual rights
The right to be informed
Click here to learn more about the right to be informed
The right to be informed in GDPR is right to be informed about the data you collect and use of their personal data, you must provide information including the purposes for processing their personal data and with who you will share the data.
You can enable terms and conditions for customers area registration, web to lead forms, ticket form and also include a link in customers area footer, users will be required to agree to the terms before the data is collected.
The right of access/right to rectification
Click here to learn more about the right of access
Click here to learn more about the right of rectification
Fthirty CRM customers area allow the contacts to log in and view their personal data, also after login the contacts can update their personal information, you can navigate to Setup->GDPR->The right of access/right to rectification to check additional options.
In version 2.0 there is an additional public form of leads added, you can send the form link and the lead will be able to update the personal information you store.
The right to erasure (known as the ‘right to be forgotten’)
Click here to learn more about the right to erasure
Contacts and leads can request their data to be removed from Fthirty CRM, you can navigate to Setup -> GDPR -> Right to be forgotten to check all the available options and enable the options for data removal request.
In order contacts to request their data to be removed, you will need to show GDPR link in customers area, to achieve this you can navigate to Setup -> GDPR -> General and check Show GDPR link in customers area navigation.
Leads can request data removal via the public lead form which needs to be enabled in Setup->GDPR->The right of access/right to rectification
If you receive a request for data removal, you can use Fthirty CRM default delete functionalities eq for leads, customers, contacts and delete the data after the request is received. Additionally, you can track all requests in Setup->GDPR->The right to be forgotten.
The right to data portability
Learn more about right to data portability
The right to data portability allow data subject to obtain data that the data controllers hold on them and be able to reuse it for their own purposes. Fthirty CRM offers instant export options for contacts and leads for all the data you hold for them in human readable JSON format.
In Setup -> GDPR -> The right to data portability you can choose various options to be exported when contact or lead use the export feature.
Contacts can export data via the customers area and leads can export data via the public form, note that no attachments will be included in the export.
The right to restrict processing
Click here to learn more about the right to restrict processing
There is no specific option for this right in Fthirty CRM, but Fthirty CRM already compatible with this right and this can be achieved in various ways.
If data subject asks you to stop processing their data, it’s your responsibility to do this.
In Fthirty CRM you can do the following:
- Set the customer/contact to inactive so you can have an indicator that this customer has restricted data processing, also when a customer is set to inactive eq staff member can’t create invoice under this customer.
- Create custom field select eq with a name: Data processing restricted with 2 option Yes and No, this will help you to know that this customer/contact data is restricted for processing.
- Disable all email notification for the contact, navigate to the customer contacts tab and open the contact, at the bottom you will be able to disable the email notifications.
Inform your staff members the steps you performed to restrict the data and how they can know if the data is restricted to processing.
Click here to learn more about consent
Fthirty CRM GDPR consent feature gives you the ability to ask consent for data processing from contacts and leads. If you are collecting the consent for marketing purposes, you will need to get consent from the user from a separate opt-in form, the consent can’t be included in terms and conditions policy.
The consent forms that Fthirty CRM offers, will provide a simple and easy way to the users to give and withdraw consent at the same time without the need to contact you, very important part from GDPR concept for consent is that the consent checkboxes can’t be pre-checked which Fthirty CRM comply with this.
Keep in mind that you cannot mix multiple consents in one, you must separate them and the user must give consent for all of them separately.
In Setup -> GDPR -> Consent, you can add an unlimited number of consent purposes.
Each contact and each lead will have unique consent URL, where they can give you consent or withdraw the consent anytime they want.