The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 to protect EC citizens’ personal data, enshrining the principle that a citizen’s personal data belongs to them and not to the organisation collecting it.
GDPR Statement of Compliance at Really Simple Systems
Really Simple Systems complies with the provisions of GDPR both in our capacity of Data Controller of our customers’ personal data and as Data Processor for customers of our CRM.
- All customer data is stored within the EC in data centres that are ISO27001 compliant, with data on our production servers encrypted at rest
- All our sub processors where we store or pass personal data are GDPR compliant. For a full list of our data subprocessors click here
- We have in place a Data Protection Officer, a Breach Notification Process and policies for Right to Erasure & Data Portability
- All our staff are subject to our Customer Data Access Policy enforced in their employment contracts
Really Simple Systems is one of the few CRM products that has built-in GDPR compliance features, allowing our users to capture and store consents. See Mailing & Consent Lists for more details.