
Real-Time Marketing & Other New Features for Dynamics 365 Marketing
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). This is enforceable from May 25 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.
The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.
The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
As an organisation operating in the Customer Relationship Management market, Preact has always been committed to high standards of data protection, information security, privacy and transparency.
Preact will honour our customer's right to data privacy and protection and as such we have revised our internal policies in order to meet the requirements of the GDPR.
By doing so we will safeguard the personal information under our remit and develop a robust data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation of the GDPR.
We place a high priority on protecting and managing data in accordance with accepted standards and helping our customers use CRM technology to do the same.
Preact will be complying with the GDPR as a processor and controller of data and the company has been planning and developing a project of works that will deliver what is required by this regulation.
These include but are not restricted to:
As a technical consultancy and support provider it is often necessary for us to remotely connect to our customers CRM environment. This may include, but is not limited to, a remote session that would enable us to fix a user reported problem, apply a customisation to your database, configure a new process, build a new report or import a data list.
In these instances, Preact will be complying with the GDPR as a data processor and we will be processing data to fulfil our contractual responsibilities.
To meet the requirements of the GDPR, when we process the personal data that is controlled by our customers we have in place a number of systems, processes, products and services to safeguard data to meet these demands.
In undertaking these engagements Preact shall offer the following commitments:
Remote Consultancy & Support - We will require explicit consent from an authorised individual working on behalf of our customer before we can initiate a remote dial-in or screen-share session if this involves a member of our team taking control of their computer and accessing your database.
Screen Recording - In some instances, it may be helpful for us to record these sessions if further research or discussion is needed that will enable us to resolve issues or provide a solution for a new requirement. Where a recording is proposed, we will request permission in advance. This recording will only be retained for as long as necessary to implement a resolution or solution. A copy of this recording can be shared with the customer upon request.
Data Deletion - we will not delete personal data that is currently stored on your CRM system. In any instances that we receive personal data from you, for example as a spreadsheet to import into your CRM system, the source file containing this personal data shall be deleted once the requirement is completed.
CRM System Changes - if you require our team to make any changes to your system that will affect the personal data under your control, this process shall be subject to our change control process and will need to be formally approved by you.
Direct System Access - so that we can quickly and easily respond to some requirements we may propose that this work is completed remotely. This will involve a member of our team directly accessing your system from their computer. As stated above, this will be subject to our normal change control process and when logging into a customer system Preact shall only use a delegated administrator account or a specific login that is specific to Preact that will enable our representative’s actions to be tracked and audited.
Tracking Database Log-In - in each instance that we connect to your CRM environment, whether through a dial-in session or directly using log-in credentials, as stated above, Preact shall record the timing of this access.
Preact's senior management team will continue to monitor this project through May 2018 and beyond. We will continually look at ways of improving our systems and procedures to better comply with GDPR best practice.