5 Tips for CRM GDPR

What is CRM?

A Customer Relationship Management (CRM) system is a system used by businesses to manage their interactions, exchanges and relationships with their customers or clients. It creates a clear overview of customer activity by tracking and analysing interactions.

“Research shows that 91% of companies think that data-driven decisions can impact their businesses’ growth.”

This is why so many companies are investing in and relying on their customer data for making business decisions. Other benefits of a CRM include accurate sales reports, improved sales forecasting, improved service, maximising marketing ROI and more.

What kind of data is stored in a CRM?

A CRM is customisable to store the information your business feels is necessary, but typically a CRM stores:

  • Contact name
  • Title
  • Email address
  • Social profiles
  • Contact history
  • Phone number
  • Bank account details

Looking at the data listed above, you can’t help but wonder whether storing this type of personal data is allowed.


The General Data Protection Regulation (GDPR)

The GDPR, a regulation which came into effect on the 25th of May 2018, imposes strict rules on how businesses that collect or hold personal data can collect, use, transfer, protect, store and manage that data. It introduces tougher fines for non-compliance and breaches, making it in your business’s best interest to ensure that your CRM complies with the GDPR.

5 tips for CRM and GDPR

  1. Identify personal data

Once customer data is identified and categorised, it will be easier to manage.

  2. CRM and GDPR Compliance

Whenever you collect, use, share or store personal data, you must be sure that all processes are compliant with the GDPR principles for CRM systems:

GDPR principles to follow when using a CRM system

3. Consent

Different pieces of data require different lawful bases for processing. Consent is one of the main lawful bases; if your processing requires explicit consent, your CRM must include consent management provisions and must keep a record of the consent the customer has given.

If any third-party services, such as marketing or analytics cookies, collect customer data, you should ensure that this is reflected in the CRM and that it is GDPR compliant.

4. Protect the data

You must adopt safety measures to keep the customer database secure.

  • Limit access to the customer data within the organisation.
  • Create special protection and care for more sensitive data.
  • Regularly update your security system.
  • Use other security tools, including data encryption and limited logins.
  • Assess the databases for risks and threats.

5. Exercise customer rights over data

Ensure that the rights given to customers under the GDPR are exercisable.

  • The right to request to delete or modify their data.

Make sure you respond promptly to their request and give a genuine and logical reason if you delay or deny their request.

Examples of CRM systems that have added or changed functionality to comply with the GDPR are Pipedrive (GDPR features and data processing agreement), Zoho and HubSpot, detailed below…

Pipedrive data processing agreement

Looking to invest in your own new CRM system, or perhaps you’re wanting more out of your current setup? You’re in luck, because we’re here to help… contact EstherM@ninefeettall.com 






