Introduction

The General Data Protection Regulation (GDPR) came into effect in May 2018 to protect EC citizens’ personal data, enshrining the principle that a citizen’s personal data belongs to them and not to the organisation collecting it.

GDPR Statement of Compliance at SpotlerCRM

SpotlerCRM complies with the provisions of GDPR both in our capacity as Data Controller of our customers’ personal data and as Data Processor for customers of our CRM.

  • All customer data is stored within the EC in data centres that are ISO27001 compliant, with data on our production servers encrypted at rest
  • All our subprocessors where we store or pass personal data are GDPR compliant. For a full list of our data subprocessors, click here
  • We have in place a Data Protection Officer, a Breach Notification Process and policies for Right to Erasure & Data Portability
  • All our staff are subject to our Customer Data Access Policy enforced in their employment contracts

Product Features

SpotlerCRM is one of the few CRM products that has built-in GDPR compliance features, allowing our users to capture and store consents. See Mailing & Consent Lists for more details.

Updated October 2019

Read our blog for further information on the implications for GDPR and Brexit.