is fast approaching, and as companies prepare, they are assessing not
only their own data, but the systems that house that data. One of the
biggest software investments for companies across all industries is CRM.
In the next few weeks, we’ll look at some of the major CRM systems and
how they are preparing their products for GDPR compliance — starting
with SugarCRM. Here’s what we know about Sugar’s plans for GDPR
SugarCRM’s Spring release (version 8.0) will include data privacy
functionality for data controllers complying with GDPR. The release will
be accessible to all product users, whether they use the on-premises or
Cloud version of the software. While the company cautions that the
final Spring release may be altered at their discretion, they are
currently citing some major changes which include:
New Opt-in Defaults
Currently, SugarCRM defaults to an implicit opt-in for all new
emails. Its new release will mitigate this by allowing administrators to
default the system to opt-out new email addresses. Addresses that are
opted out will display indicators in the CRM that show the individual
can be contacted for business purposes, but not for marketing.
Data Privacy Management Module
A data privacy management module will track any changes to customer
consent and allow consent to be withdrawn by the data subject. Data
controllers will be able to record if consent was granted and the
business purposes for that consent. The module will be fully
configurable and able to relate to any other module, including custom.
Any requests for partial or permanent data erasure will also be logged
using this module. Once erased, the selected fields will read “Value
erased” as a placeholder.
The GDPR compliant SugarCRM release will offer Personal Information
(PI) logs which display the information and its source. When a subject
requests access to their personal data, contents of this log can be
pulled to accommodate. Users also can export personal information in a
list view to send to the subject.
Custom Fields for Processing Objections
If a data subject prefers their information not be used for
profiling, SugarCRM users can create a custom field that flags the
record to exclude it from campaigns, reports, or other business
Internally, SugarCRM also has plans for their use of customer data.
The company has indicated its inherent compliance with the new GDPR
statutes for privacy and protection through policies, procedures,
technical measures, and organizational activities to prepare for any
data event. For customers looking for more information on Sugar’s GDPR
policies, visit this link.