One of our customers is asking if there is any documentation regarding GDPR and their Sage CRM.com system?
I can see that Sage CRM 2018R2 is bringing in new functionality to help. Is this being added to .com as well?
There are no feature changes for SageCRM.com and GDPR planned. It is important to underscore that GDPR is essentially not a software issue.
Consent of personal data must be freely given, specific, informed and unambiguous. Consent is not freely given if a person is unable to freely refuse consent without detriment. Out of the Box SageCRM.com does have provision through existing columns for recording of consent. And additional columns (checkboxes) can be added easily.
The GDPR has placed great emphasis on the accountability for data controllers to demonstrate data compliance. They will be required to maintain certain documentation, conduct impact assessment reports for riskier processing and employ data protection practices by default – such as data minimisation. This is duty of the business rather than any feature of software. The business has to have a policy around what data they hold and why.
The "Right to be forgotten" is one of the most useful changes for the average person managing their data protection risks. A person will be able to require their data to be deleted when there is no legitimate reason for an organisation to retain it. SageCRM.com already has the mass update feature which allows the anonymisation of data.
The customer need to ensure any third party integration (like MailChimp) that through an integration has that data deleted.
I hope this helps.
Does Sage have "data processor" responsibilities for SageCRM.com?
Yes. It does. (As far as I understand it) I had a meeting yesterday and was shown some of the revised terms and conditions and GDPR addendum that will be added for SageCRM,com.
There will also be a standard communication issued to all Sage customers. But that is all I can share at the moment.
© The Sage Group plc 2017All Rights Reserved