Accessing business CRM and customer data
Hi, we are a small business that provide TV subscription for its customers. Customers' data are stored in CRM system run by 3rd party. As a financial controller and data processor (?) and authorized person to use CRM can I access customer's data freely ie what purchase individual made etc or any other reason that is required for business purposes without breaking GDPR rules? Basically I would like to make sure that I have the right to access customer information if needed.
Assign topic to the user
A data processor and any authorized person is allowed to access to personal data stored in CRM only limited to the purpose of the processing established in the privacy notice.
For more information about data processor and data controller, please read the article:EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/.
The principle of purpose limitation is one of the key principles of GDPR to keep in mind.Therefore, you cannot access for purposes outside the ones illustrated in the privacy notice. As a consequence, if the reason for accessing customer data stored in CRM is in line with the purpose of collection and storage (i.e. verifying payments) the access will be compliant with GDPR provision. If the purpose of accessing personal data is not covered by your privacy policy you may consider to amend it in order to inform your customers that you will access their data for that purpose.
Depending on the purpose you may also need to verify the legal ground of such processing and verify if you need customer consent or you can process under another legal ground.
For more information, please read the following articles: Understanding 6 key GDPR principles https://advisera.com/eugdpracademy/knowledgebase/understanding-6-key-gdpr-principles/
Article 7 – Conditions for consent https://advisera.com/eugdpracademy/gdpr/conditions-for-consent/ Article 6 – Lawfulness of processing https://advisera.com/eugdpracademy/gdpr/lawfulness-of-processing/
Comment as guest or Sign in
Feb 07, 2020