Make your Vtiger compliant with GDPR it’s an important topic to respect the new european law. We will explain how to set your vtiger to achieve this result.
General rules
Old contacts
If old contacts are obtained in a way compliant with GDPR you don’t need to ask permission again. But if not you need to ask for a new permission with all GPDR’s rules respected. So you need for example to send an email re-asking for permission to send other emails.
How should be webform
In form:
- you need to ask for consent for each distinct use of people’s personal data
- consent check could not be prefilled
- you need to provide clear terms of use and privacy policy (directly in form or linked)
Get permission
Get permission with single OPT IN
Contact origin could be a
- webform
- webservices
- manual creation
In all this cases you need to:
- save in one field source of permission (you can use i.e. lead source)
- save in one field data you get permission
Of course you can populate data field with a workflow.
Get permission with double OPT IN
Same as before but ff you want use double OPT IN to get permission, after you get first permission from contact you can send, with a workflow, an automatic email asking for confirmation. In email you will add a confirmation link that will forward to an advanced webform with autosubmit checked. In this way you can automatically update values on CRM and customer need a click. If you need more action link can forward to a form where you can get all data you need.
Consult, modify and delete data
GDPR expect that every contact can:
- ask that his data are deleted in the system
- consult and modify his data
Ask to delete data
An idea to manage this topic is allow every contact to send an email to a specific email address (in example: privacy@vtextra.com) with the word DELETE in subject. Email sent to this address should be scanned with workflow designer mailscanner and if contain in subject the word DELETE than a workflow mark record that have correspondant email in email field to be deleted, or automatically delete this record.
Consult and modify data
To achieve this result we can imagine that people receive email with a link that open a webform created with advanced webform, prefilled, where people can consult or modifiy data. Link could be sent in various situation:
1 – in email campaign created with email marketing module
2 – in standard email sent from CRM if present in email template
3 – received via email after an email is sent to a specific email address (like privacy@vtextra.com) where subject is not DELETE. In this case mailscanner from workflow designer can activate a workflow that send an email with link that land to webform with all data.
Set an advanced webform to do that it’s easy.
- create an advanced webform where recognize by ID is flagged
- set fields you want to show
- save webform and publish
- call webform with workflow designer using a link like: http://yoursite.com/gdpr.html?record=$id&lastname=$lastname&phone=$phone&firstname=$firstname&email=$email
For example following lead:
will generate a link like:
http://yoursite.com/gdpr.html?record=1070&lastname=Travaglini&phone=1111&firstname=Simone&email=info@opencrmitalia.com
That show this form:
Now your lead can see and update data. Of course based on your need and advanced webform configuration you can show fields you need.
Permission exipiring
Becouse GDPR expect that permission have a limited period of time, when data of expiration is get, you can send an email with workflow desginer to ask permission for a long time. Also in this case a link in email will lead to a form created with advanced webform that allow to update data.
Privacy of data
Vtiger allow to set as private data, and set sharing rules, so you can decide who can see what. This allow you to be compliant with GDPR.
Password
Also if GDPR is not talking directly about password, to be sure that data are correctly protect it is necessary to use good security tools.
To create a better security in vtiger we created a new module, called SECURITY TOOLS that allow you:
- force users to set secure password
- set automatic renew password flow every x month
Email opt-out
Of course our email marketing module have opt out option.
Modules can help you with GDPR