Really Simple Systems CRM GDPR Compliance
How Really Simple Systems complies with GDPR legislation.
The General Data Protection Regulation (GDPR) was introduced by the European Union (EU) on 25th May 2018 to protect the personal data of EU citizens. The new legislation enshrines the principle that a citizen’s personal data belongs to them and not to the organisation collecting it.
Replacing the Data Protection Directive 95/46/EC, GDPR has been designed to protect the data privacy of all EU citizens and empower them to control what, when, how, where and why their personal data is used, stored, processed or deleted.
The scope of the GDPR goes beyond the borders of the EU, creating implications for any organisation that works with the personal data of any EU resident and making them responsible for the protection of that data.
High Standards Of Data Security
At Really Simple Systems CRM, GDPR compliance and data protection are fundamental to our business. We understand that we have a high duty of care to protect our customers’ data, and our internal policies and procedures reflect this. Our approach is open and honest, aiming to give our customers confidence in our integrity.
Really Simple Systems CRM GDPR Compliance
Really Simple Systems complies with the provisions of GDPR both in our capacity as a Data Controller of our customers’ personal data and as Data Processor for customers of our CRM. See our CRM GDPR Compliance Statement.
- All customer data is stored within the EU in data centres that are ISO27001 compliant, with data on our production servers encrypted at rest
- All our sub-processors, where we store or pass personal data, are GDPR compliant
- We have in place a Data Protection Officer, a Breach Notification Process and policies for Right to Erasure & Data Portability
- All our staff are subject to our Customer Data Access Policy enforced in their employment contracts
Supporting Our Customers
GDPR is the biggest marketing and compliance challenge businesses have faced for some time. It’s important to us to support our customers as they adapt to the changes. Over the past couple of years we have written several articles and presented monthly webinars explaining what GDPR compliance is about and what organisations need to do to prepare for the legislation.
Whilst we stress that we are not qualified to give legal advice, we are happy to help interpret the legislation and give our opinions on what is needed.
We have also developed our integrated Marketing Module to include compliance tools for email marketing.
CRM GDPR Compliance Features
The Really Simple Systems integrated Marketing module includes built-in GDPR compliance features that allow users to capture and store consents. Our compliance features enable customers to collect mailing consent from new leads via a website form and from an existing contact database. The Mailing & Consent Lists feature records consent opt-ins and keeps an auditable log of when, how and from what IP address each consent was granted.
Your GDPR Compliance Checklist
- Appoint a Data Processing Officer who should quickly get up to speed with the legislation
- Create a list of all your systems that hold personal data: your CRM, accounting system, HR system, contact databases in email clients such as Outlook, all those spreadsheets scattered around people’s laptops with contact data in them
- List all your Data Processors, the external systems you use that hold personal data. Make sure they only hold data in the EC and are, or will be, GDPR compliant. If you are in a regulated industry, get a certificate or contract warranting compliance
- Draft a procedure for managing breach notifications, for both the regulatory body and the contacts themselves. If a breach happens you won’t have time to consider the best way to do this, so have it mapped out in advance
- Review and update the privacy notices and terms and conditions on your website