GDPR is fast approaching, and as companies prepare, they are assessing not only their own data, but the systems that house that data. One of the biggest software investments for companies across all industries is CRM. In the next few weeks, we’ll look at some of the major CRM systems and how they are preparing their products for GDPR compliance — starting with SugarCRM. Here’s what we know about Sugar’s plans for GDPR compliance.
SugarCRM’s Spring release (version 8.0) will include data privacy functionality for data controllers complying with GDPR. The release will be accessible to all product users, whether they use the on-premises or Cloud version of the software. While the company cautions that the final Spring release may be altered at their discretion, they are currently citing some major changes which include:
New Opt-in Defaults
Currently, SugarCRM defaults to an implicit opt-in for all new emails. Its new release will mitigate this by allowing administrators to default the system to opt-out new email addresses. Addresses that are opted out will display indicators in the CRM that show the individual can be contacted for business purposes, but not for marketing.
Data Privacy Management Module
A data privacy management module will track any changes to customer consent and allow consent to be withdrawn by the data subject. Data controllers will be able to record if consent was granted and the business purposes for that consent. The module will be fully configurable and able to relate to any other module, including custom. Any requests for partial or permanent data erasure will also be logged using this module. Once erased, the selected fields will read “Value erased” as a placeholder.
The GDPR compliant SugarCRM release will offer Personal Information (PI) logs which display the information and its source. When a subject requests access to their personal data, contents of this log can be pulled to accommodate. Users also can export personal information in a list view to send to the subject.
Custom Fields for Processing Objections
If a data subject prefers their information not be used for profiling, SugarCRM users can create a custom field that flags the record to exclude it from campaigns, reports, or other business processes.
Internally, SugarCRM also has plans for their use of customer data. The company has indicated its inherent compliance with the new GDPR statutes for privacy and protection through policies, procedures, technical measures, and organizational activities to prepare for any data event. For customers looking for more information on Sugar’s GDPR policies, visit this link.