Pipedrive - GDPR compliance and marketing consent

Published: Aug 13 2021
Valid until:
Sep 30 2021
Budget
$150

Project description

Adapting Pipedrive to the GDPR requirements and our new Privacy Policy - two processes

1. From time to time we receive a request from customers to stop marketing mailings or remove their data from our database. While the first case is simple for us​,​ because we have created checkboxes with marketing consent in Pipedrive and tick them off if necessary​,​ the second type of request (data deletion) is more troublesome. According to the GDPR​,​ we should simply remove the contact from Pipedrive completely and not process it anymore​,​ but on the other hand​,​ we often import large external databases into it​,​ where such a contact can be found again. In other words​,​ we are afraid of a situation in which someone categorically requests the deletion of their data​,​ and in some time we download it again along with a large​,​ external database​,​ add it to the CRM again and Pipedrive does not protest​,​ because the e-mail address used to associate contacts is already deleted. As a result​,​ we can resend unsolicited marketing emails to the customer.

It occurred to us that some kind of solution could be graying out​,​ encrypting​,​ anonymizing or whistling data from deleted contacts. So that in the light of the GDPR​,​ they no longer constitute personal data that we process all the time​,​ but that they are still sewn somewhere​,​ and CRM can recognize that the e-mail address is on the "black list" and display an appropriate message to us. I haven't found such a solution in Pipedrive​,​ so the question is​,​ would you be able to do something like this?

We receive a request from a CRM client to forget his personal data. There is a check-box or a functionality (button) created in CRM​,​ which​,​ when launched​,​ makes personal data (all that is in CRM in the available windows​,​ i.e. name​,​ surname​,​ e-mail address​,​ phone numbers​,​ as well as everything from the contact history) (where there are personal data) they become invisible​,​ but they cannot be completely deleted from CRM​,​ because the next time we try to enter such data into the system​,​ we must receive system information that a given contact asked us to forget. And now the following process opens for us : personal data are entered into the CRM and after pressing the save button​,​ CRM spits out a prompt containing the following information (who forgot the data - what CRM user on our part​,​ when - date and confirmation when the said person received confirmation of forgetting from us). reasons​,​ such a person is to be re-entered in the CRM​,​ the user should receive a prompt with the information that he confirms that this person has agreed to re-enter his personal data (reason: handing over a business card​,​ meeting​,​ etc.) and after pressing the button​,​ I confirm​,​ an e-mail is sent to the indicated person from the organization​,​ who finally confirms the action and then the data can be entered or old data appear for possible editing.

2. Our privacy policy states that we will keep the data for up to 3 years from the date of contact or performance of the contract. Is it possible for Pipedrive after this period to automatically delete such data or move it to something like an encrypted archive? In a way to not process personal data​,​ but to still be able to view​,​ for example​,​ the history of correspondence?

Each personal record on which no action was performed (phone​,​ note) had been for 3 years​,​ it is automatically removed from the CRM (to consider whether it is completely or just as in the above case)​,​ but with a prompt that the record has been forgotten in in connection with the provisions of the personal data protection policy (and here also the record of the date of forgetting by whom the system action will be).

*Polish language preferred​​,​ description attached below


See more details... (1)

Project scope

Automate Pipedrive to cancel marketing contact when requested by lead.
Prevent adding blocked leads(requested for delete from database) when uploading new, external database.
Stop data processing of leads after 3 years of first contact or service

Required software

  • Pipedrive

Share this project!

Sorry, this project is closed.

Create your expert profile to apply for projects