Expert Advice Community

Guest

Accessing business CRM and customer data

  Quote
Guest
Guest user Created:   Feb 03, 2020 Last commented:   Feb 07, 2020

Accessing business CRM and customer data

Hi, we are a small business that provide TV subscription for its customers. Customers' data are stored in CRM system run by 3rd party. As a financial controller and data processor (?) and authorized person to use CRM can I access customer's data freely ie what purchase individual made etc or any other reason that is required for business purposes without breaking GDPR rules? Basically I would like to make sure that I have the right to access customer information if needed.

0 0

Assign topic to the user

Assign

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Feb 07, 2020

A data processor and any authorized person is allowed to access to personal data stored in CRM only limited to the purpose of the processing established in the privacy notice.

For more information about data processor and data controller, please read the article:EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/.

The principle of purpose limitation is one of the key principles of GDPR to keep in mind.Therefore, you cannot access for purposes outside the ones illustrated in the privacy notice. As a consequence, if the reason for accessing customer data stored in CRM is in line with the purpose of collection and storage (i.e. verifying payments) the access will be compliant with GDPR provision. If the purpose of accessing personal data is not covered by your privacy policy you may consider to amend it in order to inform your customers that you will access their data for that purpose.

Depending on the purpose you may also need to verify the legal ground of such processing and verify if you need customer consent or you can process under another legal ground.

For more information, please read the following articles: Understanding 6 key GDPR principles https://advisera.com/eugdpracademy/knowledgebase/understanding-6-key-gdpr-principles/

Article 7 – Conditions for consent  https://advisera.com/eugdpracademy/gdpr/conditions-for-consent/ Article 6 – Lawfulness of processing https://advisera.com/eugdpracademy/gdpr/lawfulness-of-processing/ 

 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 03, 2020

Feb 07, 2020