eKeeper CRM & GDPR

There are a number of rights and processes that must be adhered to as part of the General Data Protection Regulation.

This is how the eKeeper CRM will help its customers fulfill the requirements of GDPR…

  • Consent

    A new consent capture area which includes separate (and granular) consent for essential contact, marketing contact and passing of data to other systems.
    Ability for a customer to record and update consent via the client portal.
    Warnings throughout the system if consent not given to further help users adhere to the client’s preference.
    eKeeper’s existing marketing tools make it easy to contact clients to reaffirm consent.
  • Data privacy

    Your privacy policy can be displayed on the client portal
    Customers not using the client portal can record the specific wording within eKeeper CRM so they have a fully accurate record of what privacy statements have been presented to the client to capture the client’s consent to how the data is processed.
  • Data breaches

    In the unlikely event of a data breach the mass-mailing features in eKeeper CRM will allow you to contact those affected (if required).
    eKeeper CRM has comprehensive user access controls which allows you to restrict users to only the customer records they should see.
  • Right of access

    eKeeper CRM already has comprehensive export facilities to provide customers with a copy of their data.
  • Right to rectification

    A customer’s details can be easily updated using the edit functions.
    You can use a case note (of a specific type if required) to record a rectification request to prove how and when the request was acted upon. Diary reminders can be easily created at the same time to ensure the activity is completed in the prescribed timescales. You can also record the time spent on these activities to allow analysis on how many requests you are getting and the impact (in time) on your business.
  • Right to erasure

    With the right permissions it is easy to permanently delete a customer and their data from the system.
  • Right to restrict processing

    You can use a case note (of a specific type if required) to record a request for restricted processing to prove how and when the request was acted upon. Diary reminders can be easily created at the same time to ensure the activity is completed in the prescribed timescales.
    System controls will then allow you to restrict the processing of customer data.
  • Right to data portability

    eKeeper CRM will allow the export of customer data in a commonly used machine-readable format.
  • Right to object

    You can use a case note (of a specific type if required) to record an objection request to prove how and when the request was acted upon. Diary reminders can be easily created at the same time to ensure the activity is completed in the prescribed timescales. You can also record the time spent on these activities to allow analysis on how many requests you are getting and the impact (in time) on your business.
    You can easily withdraw consent with a full history retained.
  • Data security

    Ekeeper Group maintain strict procedures to ensure the integrity and security of its customers’ data. These procedures include, but are not limited to…
    DBS Checks, all staff members undergo FULL background checks prior to offer of employment.
    All staff are trained to follow the companies Data Protection Policy.
    Ekeeper Group’s infrastructure is entirely dedicated and located only inside the EU.
    Access to production systems is limited to a small dedicated team of senior engineers. Prior to this access being granted each user undergoes training sessions covering the procedures involved in managing production servers.

    Ekeeper Groups production servers are hosted in ISO27001/2 compliant data centres. These are further protected by both hardware and software security levels, including…

    • WAF (Web Application Firewall) – to protect against a multitude of software driven types of attack.

    • Hardware Firewall – to ensure that levels of access are restricted to specific addresses, or locations.
    • Managed Security – our hosting partner supply us access to Cyber Security analysts who constantly monitor our servers looking for specific actions occurring and taking preventative steps in the event of a possible threat.
    • Back Ups – all servers and databases are fully backed up, with backups retained for 14 days.
    • Disaster Recovery – our primary hosting site is replicated to an offsite location to provide a fallback solution should the primary site be compromised in anyway, such as loss of power.
    • Security Review Panel – the Ekeeper Group security panel meet weekly to discuss security needs, and plan for any required implementation of new security measures.