Does your CRM meet the requirements of the General Data Protection Regulation?


CRM and data protection: The protection of personal data is considered an important personality right, and companies all over the world face the challenge of guaranteeing it. All personal data is stored, and all interaction with customers takes place, in CRM (Customer Relationship Management) systems.

The system used must therefore comply with the current General Data Protection Regulation (GDPR), otherwise sanctions may be imposed. What does that look like in your company?

Data collection: landing pages, forms and double opt-in

Do you offer newsletters or downloadable content, such as a checklist, a white paper or a webinar, in exchange for the reader’s or prospect’s data? Then it is necessary to adapt this offer and the associated process to the GDPR.

The GDPR stipulates that when a lead enters their personal data on the landing pages and forms used for this purpose, they must be informed in detail that this data will be stored and used in a certain way by the company in question.

Article 12 of the GDPR states: “The controller shall take appropriate measures to provide the data subject with any information (…) relating to the processing in a concise, transparent, intelligible and easily accessible form, using clear and plain language (…)”. The information that must be provided is specified in Article 13 of the GDPR.

A content management system (CMS) with connected CRM is best suited for GDPR-compliant implementation. You can use it to design websites, landing pages and forms yourself. In this way you ensure that the potential customer is provided with all the information they need in the right place.

Based on this information, your lead can then decide whether they want to make their data available to you. It is important that the lead actually has to give their consent actively and is not steered by, for example, a box that has already been ticked. Details on consent can be found in Article 7 of the GDPR.

To be on the safe side, use the double opt-in procedure. After entering their data, the interested party or potential customer receives another e-mail in which they confirm that they actually agree to the release.

Even if the GDPR does not require this procedure, we recommend it. In this way, you can demonstrably confirm in the long term that you have fulfilled your obligation to provide information and that the potential customer has actually voluntarily consented to the use of their data.


Data storage: export contacts and customize information

The GDPR strengthens the right of data subjects. This means that the personal data stored by a company can be requested by the person concerned, viewed and, if desired, transferred to another company. This may be necessary, for example, when changing providers and is ensured by Article 20 of the GDPR. Likewise, customers can request changes to their data.

Again, you should check if your CRM can do this. For example, can you export the personal data in a user-friendly format and make it available to the customer? Is it possible to transfer the data without any problems?

Our practical experience: Providing and changing the data is very easy with the HubSpot CRM. For example, you can change a customer’s e-mail address, export or transfer data with just one click. Another advantage of HubSpot is that you can set up special workflows for this.

The end of the relationship: unsubscribe/adjust blog subscription or request deletion of data

When it comes to e-mail marketing, it is important that every e-mail automatically contains the “unsubscribe button” in the signature.

This allows contacts to unsubscribe from your blog subscription or newsletter. This is required by the GDPR in Article 21. Users can also use this button to customize the topics on which they want to receive e-mail notifications.

Even if you don’t use the HubSpot CRM or email marketing software, where such a button is standard, you should make sure that your readers are given a way to unsubscribe from your newsletter.

If your customer not only wants to stop receiving your e-mails but also wants their data to be completely deleted from your system, they can submit a request under the right to be forgotten (Article 17), which you must comply with promptly.

Therefore, make sure that your CRM also offers the option of being able to completely delete internal system data.


Data protection for all users: this is the aim of the GDPR, and it makes every company that is active on the Internet responsible. This applies not only to your own data protection declaration on your website, but also to data protection in e-mails and newsletters as well as customer data in general. Suitable CRM software takes a lot of work off your hands.
