New guide: Thriving in tough times
A leaders guide to successful business growth

GDPR and CRM: How to Manage Customer Data in 2023


Post summary:

  • What is GDPR and why is it important to your business?
  • How GDPR and CRM can support your journey to compliance
  • 3 CRM features to look for to help you manage customer data better

The EU privacy regulation called the General Data Protection Regulation (GDPR) has now came into effect.

With it, it imposes strict requirements on the way businesses collect, store and manage personal data.

If you’re unfamiliar with GDPR, here’s what you need to know:

GDPR provides citizens of the EU with greater control over their personal data and assures that their information is being securely protected across Europe, regardless of whether the data processing takes place in the EU or not.

Personal data can be a name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more.

Typically, this is the kind of data you store in your CRM system.

But, GDPR only impacts big companies, right?


If you use a database to store prospect or customer information, then you cannot ignore GDPR.

According to a survey from the Global Alliance of Data-Driven Marketing Associations (GDMA) and Winterberry Group, 92% of companies use databases to store information on a customer or a prospect.

Percentage of companies that store customer information in a database

Therefore, GDPR impacts businesses of all shapes and sizes.

Including yours.

Why is GDPR important to your business?

GDPR encompasses 3 main areas that every business needs to consider:

  1. The GDPR regulation itself
  2. The systems you use to store all your customer data
  3. The legal aspects of the regulation and how it will affect the way you handle personal data

The 3 business areas that GDPR impacts

If you use a CRM software, then it should support the collection and management of personal data in a secure way.

With regards to the regulation and understanding of the legal aspects and privacy rights described in the law, we recommend that you seek legal advice and consult other GDPR resources to ensure your business is compliant.

Your national data protection authority has useful descriptions and explanations on privacy. For more resources on GDPR, you can read the complete legislative text of GDPR here, and the EU has an official GDPR web portal, where you will find relevant explanations of what your business needs to do.

How can CRM support your journey to GDPR compliance?

GDPR has a big effect on how businesses collect, store and secure personal customer data.

This means that GDPR impacts marketing, it changes sales prospecting and it requires change in customer service departments as all personal data needs to be handled in a more professional manner.

The good news is that GDPR and CRM have a lot in common as both GDPR and CRM are about building deeper trust and loyalty with new and existing customers through the professional handling of personal customer data.

At SuperOffice, our product team has been busy developing new features to support our customers journey towards compliance.

Here’s 3 key features we have launched so far:

1. Privacy by design

Privacy by design with GDPR

GDPR and privacy management go hand in hand together. Privacy is not something that is added to an existing application, but built into the core architecture and functionality.

At SuperOffice, we are committed to including privacy at the initial design stages and throughout the complete development process of new products, processes or services that involve processing personal data

2. Privacy data lifecycle management

GDPR comprises of eight basic rights.

These rights are given to individuals to protect their private lives and control the digital footprints they leave behind when using internet-based applications and services.

These rights are meant to create openness, control, and trust between the parties.

GDPR specific functionality in SuperOffice CRM supports the fulfillment of each of the 8 rights.

Privacy data lifecycle management

3. Managing personal data with CRM

Customer data, which goes into a CRM, is by default, also personal data. Different types of data have different rules for how it should be processed.

For example, basic data such as names, addresses, phone numbers are more general data and can be open to all employees within your company.

On the other hand, highly sensitive data such as tax information, bank account information, personal agreements, and contracts require more security and relevant user access.

SuperOffice CRM allows you to set up routines and automated rules for how different types of personal data can and should be handled by your company.

3 CRM features to help you manage customer data

The number of GDPR compliant features will continue to be rolled out throughout the year. But, the first wave of GDPR features became available in a new version of SuperOffice CRM in February, 2018 - long before the May 25th deadline.

These 3 features included consent management, subscription management and bulk updates.

1. Consent management

GDPR requires businesses to have a defined purpose for collection information persons. This reason (or purpose), should always be supported by a legal basis.

What is a legal basis?

A legal basis can be a contractual obligation, a legitimate interest for storing and using data or that explicit consent has been given.

Anytime that consent is used as the legal basis for collecting and storing personal data, GDPR requires that a company prove that consent has been granted by a person.

Consent management feature in CRM

For each contact (person) inside SuperOffice CRM, you can digitally record consent, state the legal basis for why you’re storing the data, store the source from where you got the consent (i.e. a webform) and store when and who has updated the information.

You can see exactly how consent management works in SuperOffice by watching the short 3 minute video below:

2. Subscription management

Even when a contact has given his consent to receive email marketing campaigns from your company, he/she should always have the right to object or opt-out from receiving future marketing communications, according to GDPR.

New functionality inside SuperOffice allows prospects and customers to decide for themselves what kind of information they want to receive – whether it’s blog post updates, white papers or product training material - as well as decide on the type of content they do not want to receive.

This new feature means you can send highly targeted emails to subscribers based on their interests - which is something that GDPR encourages when it comes to email marketing.

For email marketers’, this is the Holy Grail as segmented email campaigns significantly improve your email marketing results.

Subscription management feature in CRM

3. Bulk updates

This first phase of these CRM features was all about helping you to make your customer database GDPR compliant.

Once you’ve evaluated your database for what kind of personal information you have, where it comes from and what legal basis you have for keeping it, and set up how you want the data to be handled, you will need a way to update all this personal data in the new GDPR world.

Bulk updates help you to tune up and clean up your database in an easy way.

Rather than updating personal records one by one, which is can be time-consuming, you can set up specific rules and use the bulk update feature to set purpose, legal basis, source and date on multiple records in a single click. - saving you a ton of time!

Bulk update feature in CRM


GDPR is in full effect!

If your current CRM system doesn’t support these GDPR compliant features, you need to find a new solution, before it’s too late!

To test these new features out, sign up to a free demo. Once you have signed up, one our experienced sales reps will walk through the new functionality and show you how they can support your business in a GDPR world.

If you’re not yet ready for a free trial, then sign up to one of our events to learn how GDPR affects the way you manage customer data.

For customers that use our cloud-based CRM solution, these features are automatically available to you when launched. Plus, our SaaS CRM is ISO certified, so you and your customers can be rest assured that your data is safe and secure.

Next steps

Before you leave, I have a quick question for you:

What kind of challenges have you come up against in your GDPR journey?

Let us know in the comments section below.

Do you want to learn more about how GDPR and SuperOffice CRM?

Request a free, personalized demo and we'll walk through it, step by step.

Disclaimer: The content in this blog post (including all responses to comments) is not to be considered legal advice and should be used for information purposes only.

Back to articles