GDPR and CRM: How to Manage Customer Data in 2018

Post summary:

  • What is GDPR and why is it important to your business?
  • How GDPR and CRM can support your journey to compliance
  • 3 CRM features to look for to help you manage customer data better

The new EU privacy regulation called the General Data Protection Regulation (GDPR) has now come into effect.

It imposes strict requirements on the way businesses collect, store and manage personal data.

If you’re unfamiliar with GDPR, here’s what you need to know:

GDPR provides citizens of the EU with greater control over their personal data and assures that their information is being securely protected across Europe, regardless of whether the data processing takes place in the EU or not.

Personal data can be a name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more.

Typically, this is the kind of data you store in your CRM system.

But, GDPR only impacts big companies, right?


If you use a database to store prospect or customer information, then you cannot ignore GDPR.

And according to a survey from the Global Alliance of Data-Driven Marketing Associations (GDMA) and Winterberry Group, 92% of companies use databases to store information on a customer or a prospect.

Percentage of companies that store customer information in a database

Therefore, GDPR impacts businesses of all shapes and sizes.

Including yours.

Why is GDPR important to your business?

GDPR encompasses 3 main areas that every business needs to consider:

  1. The GDPR regulation itself
  2. The systems you use to store all your customer data
  3. The legal aspects of the regulation and how it will affect the way you handle personal data

The 3 business areas that GDPR impacts

Therefore, if you use a CRM solution, then it should support the collection and management of personal data in a secure way.

With regard to the regulation and understanding of the legal aspects and privacy rights described in the law, we recommend that you seek legal advice and consult other GDPR resources to ensure your business is compliant.

Your national data protection authority has useful descriptions and explanations on privacy. For more resources on GDPR, you can read the complete legislative text of GDPR here, and the EU has an official GDPR web portal, where you will find relevant explanations of what your business needs to do.

How can CRM support your journey to GDPR compliance?

GDPR has a big effect on how businesses collect, store and secure personal customer data.

This means that GDPR impacts marketing, it changes sales prospecting and it requires change in customer service departments as all personal data needs to be handled in a more professional manner.

The good news is that GDPR and CRM have a lot in common as both GDPR and CRM are about building deeper trust and loyalty with new and existing customers through the professional handling of personal customer data.

At SuperOffice, our product team has been busy developing new features to support our customers' journey towards compliance.

Here are 3 key features we have been working on so far:

1. Privacy by design

GDPR and privacy management go hand in hand. Privacy is not something that is added to an existing application, but built into the core architecture and functionality.

At SuperOffice, we are committed to including privacy at the initial design stages and throughout the complete development process of new products, processes or services that involve processing personal data.

2. Privacy data lifecycle management

GDPR comprises eight basic rights.

These rights are given to individuals to protect their private lives and control the digital footprints they leave behind when using internet-based applications and services.

These rights are meant to create openness, control, and trust between the parties.

New functionality in SuperOffice CRM supports the fulfillment of each of the 8 rights.

3. Managing personal data with CRM

Customer data, which goes into a CRM, is by default also personal data. Different types of data have different rules for how they should be processed.

For example, basic data such as names, addresses, phone numbers are more general data and can be open to all employees within your company.

On the other hand, highly sensitive data such as tax information, bank account information, personal agreements, and contracts require more security and relevant user access.

SuperOffice CRM allows you to set up routines and automated rules for how different types of personal data can and should be handled by your company.

3 CRM features to help you manage customer data

GDPR-compliant features will continue to be rolled out throughout the year. But the first wave of GDPR features became available in a new version of SuperOffice CRM in February 2018.

These 3 features included consent management, subscription management and bulk updates.

1. Consent management

GDPR requires businesses to have a defined purpose for collecting information about persons. This reason (or purpose) should always be supported by a legal basis.

What is a legal basis?

A legal basis can be a contractual obligation, a legitimate interest for storing and using data or that explicit consent has been given.

Anytime that consent is used as the legal basis for collecting and storing personal data, GDPR requires that a company prove that consent has been granted by a person.

For each contact (person) inside SuperOffice CRM, you can digitally record consent, state the legal basis for why you’re storing the data, store the source from where you got the consent (for example, a webform) and store when and who has updated the information.

Consent management feature in CRM

2. Subscription management

Even when a contact has given consent to receive email marketing campaigns from your company, they should always have the right to object or opt out from receiving future marketing communications, according to GDPR.

New functionality inside SuperOffice allows prospects and customers to decide for themselves what kind of information they want to receive – whether it’s blog post updates, white papers or product training material – as well as decide on the type of content they do not want to receive.

This new feature means you can send highly targeted emails to subscribers based on their interests – which is something that GDPR encourages when it comes to email marketing.

For email marketers, this is the Holy Grail, as segmented email campaigns significantly improve your email marketing results.

Subscription management feature in CRM

3. Bulk updates

This first phase of these CRM features is all about helping you to make your current customer database GDPR compliant.

Once you’ve evaluated your database for what kind of personal information you have, where it comes from and what legal basis you have for keeping it, and set up how you want the data to be handled, you will need a way to update all this personal data in the new GDPR world.

Bulk updates help you to tune up and clean up your database in an easy way.

Rather than updating personal records one by one, which can be time-consuming, you’ll be able to set up specific rules and use the bulk update feature to set purpose, legal basis, source and date on multiple records in a single click, saving you a ton of time!

Bulk update feature in CRM


GDPR is in full effect!

If your current CRM system doesn’t support these GDPR compliant features, you need to find a new solution, before it’s too late!

To test these new features out, sign up to a free demo. Once you have signed up, one of our experienced sales reps will walk through the new functionality and how it can support your business in a GDPR world.

If you’re not yet ready for a free trial, then sign up to one of our events to learn how GDPR affects the way you manage customer data.

For customers that use our cloud-based CRM solution, these features are automatically available to you when launched. Plus, our cloud version is ISO certified, so you and your customers can rest assured that your data is safe and secure.

Next steps

Before you leave, I have a quick question for you:

What kind of challenges have you come up against in your GDPR and CRM journey?

Let us know in the comments section below.

Do you want to learn more about GDPR and SuperOffice CRM?

Request a free, personalized demo below and we’ll walk through it, step by step.

Disclaimer: The content in this blog post (including all responses to comments) is not to be considered legal advice and should be used for information purposes only.


About Cathrine Davis

As Director of Product Marketing at SuperOffice, my job is to showcase the benefits and value of each new product and feature we launch. While I occasionally create content for the SuperOffice blog, I spend most of my time sharing product tips and tricks on our dedicated customer community.


Grant Trotter

about 7 months ago

I agree that GDPR compliance is challenging – no question about it – so thanks for the helpful information. I think it’s important to note (at least from what I’ve seen) that scope must be determined early on and that quite a bit of documentation needs to be in order. Scope in that controllers and processors need to be aware of what personal data they are storing, processing, and transmitting for EU data subjects. I’m also finding that GDPR compliance for U.S. businesses is quite challenging because of the almost overwhelming amount of information that needs to be consumed and understood by internal compliance personnel – it’s quite a bit to say the least. Good luck everyone on GDPR compliance.


Steven MacDonald

about 7 months ago

Thanks for the comment, Grant. And you're absolutely right, it really is a challenge!


Graham Massie

about 5 months ago

This is good stuff but there is at least one hint that the approach may be different for the cloud-based version of SuperOffice compared to in-house. Are the GDPR-related differences spelt out anywhere?


Steven MacDonald

about 5 months ago

Thanks, Graham! Have you visited our customer community lately? There's a ton of information on GDPR/product here:



about 5 months ago

I am struggling with the "right to be forgotten" with regard to sales information. If we sell to a customer we record that information for accounting purposes, say name, address and invoice value. If that customer then chooses to "be forgotten" we are legally bound to delete all the data we have on them - presumably including our sales record. Which then makes our sales totals wrong. I must be missing something here?


Steven MacDonald

about 5 months ago

Great question, Dennis. I'm sure many readers can relate! The good news is I cover this in more detail here:



about 3 months ago

Thanks for the information on GDPR. But it is quite confusing for small businesses as we cannot afford a consultant for this. How do I handle customer data where they share almost most of PII for product delivery from our eCommerce platform in EU region. Do I have to delete every data once order is processed? If so, how can we support them in case of future assistance of same product. It will be really frustrating for customer to mention their address and other detail every time after purchase. Can you please guide us on this? Regards, Lalit


Steven MacDonald

about 3 months ago

Hi Lalit, you're right it is confusing! I feel your pain here, but luckily, the way you handle customer information is less strict compared to prospect information.


Roger Butler

about 3 months ago

With several technological advancements in the digital marketing world, GDPR and CRM will both complement each other. GDPR and CRM have the same aim, i.e. building deeper trust and loyalty with your contacts by handling their personal data professionally. GDPR’s main aim is to protect the privacy of people that superficially looks like a threat to outbound marketing. But it’s actually not! Here is an in-depth article about the connection between GDPR and outbound marketing. Thanks, Cathrine, for sharing this unique information about the connection between CRM and GDPR.


Steven MacDonald

about 3 months ago

Well said, Roger!


Pierre Becquart

about 2 months ago

Hey everyone. Interesting blog, thanks Cathrine & SuperOffice! In a GDPR training I got some time ago, we were told that GDPR applies "only" to B to C and not to B to B. There would be a significant difference between stored data from John Doe @ Honeywell (job address) and John Doe @ home. Any comment on this? Friendly from Belgium. Pierre


Steven MacDonald

about 1 month ago

Thanks, Pierre! GDPR applies to any business that stores customer data - so it applies to both B2B and B2C.


Cathrine Davis

about 1 month ago

Thanks, Pierre. And yes, Steven is right. GDPR applies to all types of organizations handling personal data. It doesn't separate on whether your company focusses on B2B or B2C or operates in the private or public sector. The directive does, however, set even higher requirements if you process personal data of sensitive nature (e.g. political beliefs, sexuality, religion and so on) (Art 9). If such type of data is necessary to provide your products and services you are best to look into what the GDPR says explicitly about such type of data. There are many sources that can help you, and one that I personally find useful to look at is the legal firm of DLA Piper and their GDPR section.

