OnePageCRM: Tackling GDPR - one bite at a time

A presentation from a dedicated webinar on GDPR with Carmel Granahan & Andrea Manning from OnePageCRM and special guest Data Protection and Privacy Law specialist Philipa Jane Farley.
Key areas of focus include:
- An overview of GDPR and what it means to your business
- How to utilize fields in OnePageCRM to enable you to implement better GDPR compliant processes
- How to do a legitimate interest assessment, and
- The most frequently asked GDPR questions.

  1. 1. GDPR, OnePageCRM and Your Business Tackling GDPR - one bite at a time Please wait. The webinar will start shortly....
  2. 2. Your speakers today: Carmel Granahan, Head of Customer Success, OnePageCRM; Philipa Jane Farley, Data Protection and Privacy Law Specialist; Andrea Manning, GDPR Lead, OnePageCRM
  3. 3. DISCLAIMER: WE’VE SPENT A LOT OF TIME WITH GDPR AND LIKE TO THINK WE’VE BEEN THOUGHTFUL ABOUT ITS INTENT AND MEANING. BUT THE APPLICATION OF GDPR IS HIGHLY FACT-SPECIFIC, AND NOT ALL ASPECTS AND INTERPRETATIONS OF GDPR ARE WELL-SETTLED. AS A RESULT, THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND SHOULD NOT BE RELIED UPON AS LEGAL ADVICE OR TO DETERMINE HOW GDPR MIGHT APPLY TO YOU AND YOUR ORGANISATION. WE ENCOURAGE YOU TO WORK WITH A LEGALLY QUALIFIED PROFESSIONAL TO DISCUSS GDPR, HOW IT APPLIES SPECIFICALLY TO YOUR ORGANISATION, AND HOW BEST TO ENSURE COMPLIANCE.
  4. 4. Welcome Today’s Agenda ❏ An overview of GDPR, the roles, lawful processing of data, consent vs legitimate interest ❏ How to utilize fields in OnePageCRM to enable you to implement better GDPR compliant processes (demo) ❏ How to do a legitimate interest assessment ❏ Most frequently asked GDPR questions ❏ Live Q & A
  5. 5. GDPR requirements and OnePageCRM Individual rights ❏ The right to access information (subject access request) - Export data ❏ The right to erasure - Delete the data from OnePageCRM (option in bulk / individually) & also delete your account ❏ The right to data portability - Export data ❏ The right to rectification - Edit contact and update user profile
  6. 6. Lawful processing and OnePageCRM 1. Explicit consent (Marketing) How to achieve with OnePageCRM? Webform > OnePageCRM (custom fields) 2. Performance of contract How to achieve with OnePageCRM? (Status labels) 3. Legitimate interest How to track with OnePageCRM? (Status labels, lead source, date created, custom fields)
  7. 7. Repermissioning Step 2 Existing list (Mailchimp & OnePageCRM integration connected) Step 1
  8. 8. WELCOME DOES GDPR APPLY TO YOU? ▸ The GDPR is applicable to the processing of personal data by businesses established in and operating outside the European Union (“the EU”). If your company is established in the EU, the provisions of the GDPR are applicable to your processing of personal data in the context of the activities of your EU establishment(s). ▸ If your company is not established in the EU, the new law is applicable to your processing of the personal data of individuals in the EU with regard to the offering of goods or services (regardless of whether payment is involved) and to the monitoring of an individual’s behaviour (in so far as that behaviour takes place within the EU).
  9. 9. CONTROLLER VERSUS PROCESSOR The Yellow Hat Company CUSTOMER/DATA SUBJECT PROCESSOR CONTROLLER PROCESSOR
  10. 10. GDPR AND YOU ONEPAGECRM - YOUR PROCESSOR 1. Processor needs to be GDPR compliant 2. The data processor can’t bring in other data processors unless he has notified the Controller, and has permission to do so 3. There also must be a contract between the data processor and data controller that should clearly mention the subject-matter, duration, nature and purpose of the involved data processing 3. Keep records of all processing and provide secure processing 4. Common duties and shared liability 5. Assist the Controller in meeting their responsibilities
  11. 11. GDPR & YOUR CRM
  12. 12. GDPR AND YOU TELL YOUR SALESPEOPLE 1. Gather only data you need and make sure you have lawful grounds to process this 2. Be open about your actions and prepare for data subject requests 3. Keep the data safe and delete it when you’re finished with it
  13. 13. TRANSPARENCY GDPR BUILD TRUST THROUGH TRANSPARENCY Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject Article 13: Information to be provided where personal data are to be collected from the data subject
  14. 14. TRANSPARENCY 6 Principles ▸ PURPOSE - Disclose your purpose for processing, current and future ▸ LEGITIMATE INTEREST - Disclose your grounds for legitimate interest ▸ RETENTION PERIODS - Disclose your expected data retention periods ▸ 3RD PARTY PROCESSORS - Disclose where you’re sending the data ▸ DATA SAFEGUARDS - Disclose the data safeguards you have in place to secure and protect your user’s data ▸ EASY OPT OUT - You must make it easy to opt out
  15. 15. TRANSPARENCY RETENTION PERIODS ▸ Disclose your expected data retention periods HOW ‣ PRIVACY POLICY ‣ ADD DATE FIELDS TO TRACK WHEN CONTACT WAS ADDED, LAST CONTACT ‣ BULK UPDATE FOR HOUSEKEEPING ‣ GENERAL GUIDELINE: - CUSTOMERS = 12 MONTHS - PROSPECTS = 3-6 MONTHS
  16. 16. TRANSPARENCY MECHANISMS FOR TRANSFERRING DATA OUTSIDE OF THE EU/EE
  17. 17. LAWFUL PROCESSING GDPR PICK ONE ONLY
  18. 18. TRANSPARENCY LAWFUL PROCESSING 1. Explicit consent for each purpose of use 2. Performance of Contract 3. Legal Obligation 4. Vital Interest of Individual 5. Public Interest - Official Authority 6. Legitimate Interest Article 6: Lawfulness of processing
  19. 19. TRANSPARENCY CONSENT 1. Explicit consent for each purpose of use 2. Unambiguous 3. Freely Given 4. Informed 5. Clear affirmative action 6. As easy to withdraw as it is to provide 7. Maintained as proof that it was provided Article 7: Conditions of Consent
  20. 20. LEGITIMATE INTEREST Would the person receiving this reasonably expect to receive this?
  21. 21. PERSONAL DATA GDPR EVERY PIECE OF DATA THAT CAN BE USED TO UNIQUELY IDENTIFY A PERSON
  22. 22. TRANSPARENCY PERSONAL DATA 1. Name 2. Email 3. ID numbers 4. Physical address 5. Other location data 6. IP address and cookies (online identifiers)
  23. 23. INDIVIDUAL RIGHTS GDPR STRENGTHENED INDIVIDUAL RIGHTS
  24. 24. TRANSPARENCY INDIVIDUAL RIGHTS ARTICLE 16: RIGHT TO RECTIFICATION ARTICLE 17: RIGHT TO ERASURE ARTICLE 18: RIGHT TO RESTRICTION ARTICLE 20: RIGHT TO PORTABILITY ARTICLE 15: RIGHT OF ACCESS
  25. 25. LEAD GENERATION AND NURTURING MARKETING MARKETING GETS PERSONAL
  26. 26. TRANSPARENCY LEAD GENERATION
  27. 27. EMAIL MARKETING MARKETING MARKETING GETS PERSONAL
  28. 28. THE GDPR STATES THAT THE PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES MAY BE CARRIED OUT FOR LEGITIMATE INTEREST With provisos….. RECITAL 70
  29. 29. RECITAL 70 DIRECT MARKETING ▸ Have a relevant and appropriate relationship with them ▸ Show that there is a balance of interests between the organisation and the person receiving the marketing. ▸ Tell them you are going to market to them ▸ Show them how to opt out of receiving marketing from you
  30. 30. 80/20 RULE PARETO’S PRINCIPLE
  31. 31. SUMMARY ▸ LOG YOUR LEGAL BASIS ▸ GET CONSENT FOR MARKETING ▸ LOG THE DATE ▸ KEEP A REGISTER OF YOUR RATIONALISATIONS/DECISIONS ▸ LIMIT OR EXCLUDE STORING SENSITIVE DATA ▸ IF IT DOESN’T FEEL RIGHT, IT OFTEN ISN’T ▸ DELETE, DELETE, DELETE
  32. 32. Useful resources / links ▸ http://gdprandyou.ie ▸ https://gdpr-info.eu (official pdf of the regulation, neatly arranged as a website) ▸ https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ ▸ https://philipajane.com ▸ https://www.onepagecrm.com/sales-resources/gdpr-cheat-sheet
  33. 33. HOW DO YOU EAT AN ELEPHANT? (OR TACKLE GDPR)
  34. 34. ONE BITE AT A TIME!
