GDPR (General Data Protection Regulation) Compliance
As most people are aware the date when GDPR enforcement is almost upon us (May 2018). One of the Articles (16) deals with the Right to Rectification.
The article states:
“The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.”
ref: https://gdpr-info.eu/art-16-gdpr/
So of course our Sage CRM systems contains a lot of data and you can imagine the email tennis that might ensue when someone requests their data (gotta create a report) and changes are suggested back and forwards. We also have that “without undue delay” text which is not helpful. What is undue delay. A day? a week? a month? We’re all busy and this is work that generates no income.
One way we are suggesting to resolve this is to allow customers access their data via a customer portal and allow them review and request changes to their data. Or even change the data themselves.. though typically we wouldn’t advise this.
A portal that allows customers see their data would tick the box in terms of there being no “undue delay” especially where a portal logs any portal interactions in Sage CRM so no false claims can be made.
Now I’ll put my sales hat on….
Our Sage CRM Self-Service Portal “Customer 365” has the ability to allow customers to view their information and also to request an edit to that information. This provides you with full tracking regarding this GDPR requirement.
As of January 2018 we also now have subscription pricing available for Customer365. Contact us for more details.
NOTE*** Whilst this is an EU directive it is worthwhile for all partners and customers world wide to take note as if you hold any kind of data on an EU Citizen these rules will apply
“…The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy…” Source https://www.eugdpr.org/