Dynamics CRM system can be a vital tool to gaining and maintaining GDPR compliance.\u00a0 Your policies will dictate what the systems need to do to support your compliance position. For example, simply having a CRM system that collects personal data doesn\u2019t make it compliant. If your policies state that you only need name, address, email information, to carry out the required management\/service to your customers, then Dynamics CRM needs to be configured such that this is all it is able to store.<\/p>\n
Dynamics CRM should not allow users to enter personal details such age, marital status etc. beyond that, otherwise clearly your Dynamics CRM system is not compliant because it is not following policies which have been defined around the agreed business need.\u00a0 There is then the associated data, such as emails, transactional history like Orders, Cases, enquiries etc. to consider.\u00a0 All Users of the Dynamics CRM instance need to be informed and trained on the implications of GDPR and the use of the system. A Dynamics CRM system will hold records about individuals you sell to or do business.\u00a0 It is important you can identify where, when and how the record got into your system.\u00a0 Typically the \u2018Source\u2019 field of a Lead or Customer record is going to answer that question.<\/p>\n
Marketing via Email<\/b>.\u00a0 If you use Dynamics CRM to market via Email then you need to implement a double Opt-In process for gaining permission to email to that individual and stating when you gain that email address for your list, what you intend to do with that address.\u00a0 I.e. if you get the individuals details about Product A and then you start emailing them about Product B, this could be deemed as a breach of GDPR.\u00a0 With double opt-in, not only has a user subscribed to a newsletter, mailing list or other email marketing messages by explicit request but he or she also confirmed the email address is their own in the process.<\/p>\n
How long can Dynamics CRM hold a person\u2019s data for? The GDPR legislation has rules around the polices which mean depending on your specific business needs, there may be limitations in terms of the extent of this data, the length of time it may be reasonable to hold this data etc.\u00a0 The legislation indicates that say beyond a product warranty period, there would be no reasonable need for a company to retain that person\u2019s data.\u00a0 Your policy would need to state a case as to why a longer retention period is appropriate.\u00a0 However, with just the subject area of emails, there is complexity.\u00a0 Does this include all emails a person has simply been copied on?\u00a0 If emails are stored in Dynamics CRM, then there is the double issue of managing this whole area in both your email service and Dynamics CRM.<\/p>\n
But what do I do with the\u00a0data in the backups<\/b>?\u00a0 There is also the consideration of backups and archiving, and this will apply to Dynamics CRM as much as any other application.\u00a0 So, when for example you are using an online hosted instance of a Dynamics CRM, you need to understand what the archiving and backup processes of that online systems are such that if your policies state that you will delete any records of a certain nature that are greater than N years old, then that can be done and you know that that will be done through the backups and archiving taken place with your online instance.<\/p>\n
The right to be\u00a0forgotten<\/b>.\u00a0 Similarly, when it comes to an individual requesting an update of their information, a report of what information you hold on them, or an individual requests the right to be forgotten, then your policies need to define the requirements that your system needs to be able to support. Clearly good data quality, a subject very close to our hearts, is going to be an even greater requirement for GDPR than it has been to date to simply make Dynamics CRM work efficiently.\u00a0 When such requests are made, high quality data will make it easier to ensure you identify the right person and that person only has one record in your system.\u00a0 Therefore, any actions required can be carried out in confidence.\u00a0 Knowing that if a person simply requests not to be contacted, i.e. unsubscribes, that as there is only one record, they will not receive further communications because they have a duplicate entry in Dynamics CRM that was missed.<\/p>\n
Review your user\u2019s access rights \u2013 look at all your users and what access rights they have to your Dynamics CRM instance.<\/p>\n","protected":false},"excerpt":{"rendered":"
Dynamics CRM system can be a vital tool to gaining and maintaining GDPR compliance.\u00a0 Your policies will dictate what the systems need to do to support your compliance position. For example, simply having a CRM system that collects personal data doesn\u2019t make it compliant. If your policies state that you only need name, address, email … <\/p>\n