How to configure SuperOffice CRM for GDPR

All businesses gather personal information about their prospects, customers, suppliers and business contacts. This is typical information that is stored in your CRM database and you need to be able to document and handle it according to how you run your business, and the GDPR requirements. 

SuperOffice CRM covers your documentation needs

There are several ways the information about persons and their personal data gets stored in SuperOffice CRM. It may come from manual registration, via email, through chat, service tickets, web forms, or integrations to other back-end systems.

Regardless of how a person "enters” the database, SuperOffice CRM offers the documentation a company needs for the WHY, HOW and WHEN new personal data enters the system.

This means that you are responsible for defining policies that are GDPR-compliant.

Then you can set SuperOffice CRM to automatically record:  

• the correct purpose (WHY you are storing the information on a particular person);
• the legal base (GDPR article 6.1 – Lawfulness of processing);
• the source/origin (HOW this person entered SuperOffice CRM, for example: manual registered, via web form, email, etc.);
• the date and time (WHEN the information on a person was entered), and lastly;
• who did it.

To help you meet the GDPR requirements, SuperOffice CRM contains a whole set of features.

From the start, there are some default settings that you can change to fit the way you work, and there are additional options to support how your company gathers and handles personal data.

How to get started

To help you prepare and get your CRM data ready for the GDPR, we have added how-to guides to our Customer Community that will support you every step of the way.

You can configure your SuperOffice CRM for the GDPR in three basic steps: 

• Step 1: Preparation;
• Step 2: Configuration;
• Step 3: Allocation of access rights.

You can configure SuperOffice CRM yourself if you have basic needs, or if you have had experience setting up CRM before. Alternatively, you can ask one of our consultants to help you.

1. Prepare your company for the GDPR

How the GDPR regulation applies to your business is the responsibility of your management. You need to have a privacy strategy in place and know what data you want to store in what system and how you intend to handle this data. This will determine how you set up SuperOffice CRM to support your strategy and processes.

To help you get ready, we created a 5-step plan that will help you:

1. Map your company's data;
2. Determine what data you need to keep;
3. Put data security measures in place;
4. Review your documentation;
5. Establish procedures for handling personal data.

Here, you can read about the 5 steps you need to take to prepare your organization for the GDPR.

2. Configure your database for the GDPR

When you are ready and know what personal data you will store in SuperOffice CRM, as well as why and when, you can configure your SuperOffice CRM inside the Settings and maintenance module to support your policies.

To set up the GDPR functionality in your SuperOffice CRM solution, you can:

• Change privacy lists: By default, there are two main purposes for storing and processing personal data defined in SuperOffice CRM and you can change these settings to fit what is right for your company.
• Set up privacy settings: This includes if and when to automatically inform a person that they have been stored in your systems by email, or let the system automatically exclude recipient without the necessary consents to receive mailings.
• Add and edit subscription types: This functionality helps you offer a person a chance to not only give consent to receive e-marketing mailings from your company, but also to define their own mailing preferences.

Each of these how-to pages contains both a how-to video and a step-by-step guide that you can use to set up your SuperOffice CRM solution to match your privacy policies.

3. Allocate access rights

Since the main goal of the GDPR is to protect people’s privacy and to keep their personal data safe, not all GDPR-related functionality in SuperOffice CRM should be accessible to everyone in your company.

You need to assign access rights to perform the following functions:

• Manage e-marketing subscriptions: By default, it's only the contact him/herself that can update his or her subscription preferences. You are, however, able to give certain users access rights that allow them to update the e-marketing subscriptions of a contact manually. 
• Mass update contact information: This functionality allows you to add, change or remove personal details for groups of contacts, activities, sales, and projects. All in just a few clicks.
• Mass delete contact information: This functionality allows you to delete contacts that should not (or no longer) be saved in your database as a result of your company's privacy statement.

GDPR compliance – an ongoing project

By completing the three steps: preparing your company, configuring your database, and allocating access rights to the right people, you have taken important steps towards GDPR compliance.

The journey doesn’t stop here though. Being GDPR compliant is an ongoing project and involves all the IT systems your company uses.

From now on, you’ll need to focus on maintaining the proper management of personal customer data in your SuperOffice CRM – according to your company’s privacy policies and the GDPR requirements.