KINAMU Privacy Module

Introduction Video

Functionality of the Module

This product supports the GDPR-relevant CRM processes in particular:

• Recording and logging of GDPR requests
• Escalation in case of deadline overruns via workflows
• Checklist and documentation of your GDPR work steps
• GDPR log: Overview of all performed actions (who, what, when, in which system)
• Automated anonymization of personal master data in the CRM
• Automated deletion of personal activities:
  Calls, appointments, emails, tasks, notes in the CRM

Recording and logging of GDPR requests

The module GDPR Request serves as a central repository for data protection relevant requests. For each request, a separate record can be created and assigned to a contact or prospect.

Recording of requests on the contact

Escalation in case of deadline overruns via workflows

In the GDPR module, you can set an end date, based on which automated workflows can be created based on the recording period and status. This allows you to ensure that legally required deadlines are met.

Workflows can be created in the Workflow module.

Reminder workflow for GDPR requests

Checklist and documentation of work steps

The GDPR came into effect on May 25, 2018, granting data subjects extensive rights to exercise inspection and control over their personal data. This results in numerous obligations for data controllers. To comply with these in a controlled manner, KINAMU has implemented a checklist for the GDPR guideline's stored request types to guide and document processing. This checklist is stored in the GDPR module, thus allowing incoming requests to be processed. By default, checklists are provided for the following requests:

Note: Installing the KINAMU GDPR module does not automatically make you GDPR compliant, as you also need to demonstrably document your systems and processes concerning personal data during implementation. We are happy to support you with a workshop for implementation.

Although the CRM system can be used to support all GDPR activities, it is important to understand that a CRM system is only one of the IT systems processing personal data. A data controller must ensure that data protection is applied by design and by default for all IT systems. This means the data controller must take appropriate technical and organizational measures. These measures must be designed so that data protection principles are effectively implemented and all necessary guarantees are integrated into processing to meet the GDPR requirements and protect the rights of the data subjects.

Work protocol/checklist

Secure deletion

A deletion request from a data subject not only affects the record in the contact module but also prospect records and personal data in linked modules. For this, the KINAMU GDPR module provides a tool that makes it possible to find and anonymize data in the contact and lead records.

Anonymization / Deletion

Via the anonymization tool, every user assigned the role "Privacy Manager" accesses a list of linked contacts and leads proposed for anonymization/deletion, which they can review and select.

When selecting the relevant personal records, a list of related records such as calls, meetings, emails, notes appears. These can either be deleted or archived if still relevant.

The archive option means that the record remains in the system. The personal record itself is not deleted, but fields with personal data are overwritten (email address, phone number, address, etc.). When anonymizing, the audit log of the personal data fields is also cleared.