{"id":1506,"date":"2018-03-21T12:29:21","date_gmt":"2018-03-21T12:29:21","guid":{"rendered":"http:\/\/crmtiger.com\/blog\/?p=1506"},"modified":"2024-06-14T06:46:22","modified_gmt":"2024-06-14T06:46:22","slug":"gdpr-your-vtiger-community-version-getting-ready-with-it","status":"publish","type":"post","link":"https:\/\/crmtiger.com\/blog\/gdpr-your-vtiger-community-version-getting-ready-with-it\/","title":{"rendered":"GDPR: Your vTiger Community Version Getting Ready With It?"},"content":{"rendered":"<p>The General Data Protection Regulation (GDPR) is a regulation adopted by the EU Parliament and Council that protects the personal data of EU citizens. It was passed into law in May 2016 and will be in full force starting May 25, 2018.<br \/>\n<span style=\"font-weight: 400;\">While this is not the first law aimed at protecting personal data in the EU, GDPR consists of regulations which are changing the privacy landscape dramatically. The regulation applies to any organization or body operating in the EU, and also to any organization or entity worldwide that handles EU citizens\u2019 private data. GDPR also defines heavy fines for any breach of compliance &#8211; \u20ac20 million or 4% of a company\u2019s global turnover, whichever is higher. With these two facts alone, it\u2019s no wonder that the regulation has attracted a lot of attention.<\/span><br \/>\n<span style=\"font-weight: 400;\">This document was created to help organizations using vTiger prepare for GDPR compliance. It covers the vTiger software and describes how to use vTiger features to perform the preparation activities and routine tasks needed for GDPR compliance. However, it does not describe the processes inside your organization that need to be performed both at the preparatory stage and thereafter. 
This whitepaper is based on the <a href=\"https:\/\/ico.org.uk\/for-organisations\/guide-to-the-general-data-protection-regulation-gdpr\/\" target=\"_blank\" rel=\"noopener noreferrer\">UK Information Commissioner\u2019s Office recommendations and checklist<\/a>.<\/span><br \/>\n<span style=\"font-weight: 400;\">You can also find more information about GDPR at the <a href=\"https:\/\/www.eugdpr.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">EU GDPR Portal<\/a>.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>GDPR checkpoints<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">This section provides guidance on the actions required by GDPR both before and after May 25, 2018, when the regulation goes into effect.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Data audit<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">GDPR guides and checklists recommend performing an organizational data audit in order to identify all components and systems used in your organization that store and process personal data. By its nature, the vTiger software collects, stores and processes personal data of your customers. Your organization needs to discover and document the systems, components and physical elements of your infrastructure which store personal data of your customers. 
That is why we documented these software components for your convenience.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Logical structure<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">vTiger uses the following entities to store personal data:<\/span><\/p>\n<ul style=\"list-style-type: none;\">\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Lead<\/li>\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Contact<\/li>\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Organization<\/li>\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Opportunity<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">There are also special cases like:<\/span><\/p>\n<ul style=\"list-style-type: none;\">\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Web tracking &#8211; this feature can collect different data including personal data. The exact content depends on the scripts used by your organization, so please review your web tracking scripts closely to understand whether your instance of vTiger tracks personal data.<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The specific structure of these entities depends on the particular configuration of your vTiger instance. You can use the Entity management feature or CRUD form to inspect the content of each entity.<br \/>\n<\/span><br \/>\n<span style=\"font-weight: 400;\">During the data audit, we advise you to set the property Auditable to True for all entities containing personal data. 
This will enable data audit trails for tracking personal data changes inside your vTiger instance.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Physical storage<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">All data for vTiger entities is stored in the database (MySQL or PostgreSQL &#8211; depending on the specifics of your deployment). <\/span><br \/>\n<span style=\"font-weight: 400;\">Web server access logs, as well as any other system logs configured by your organization\u2019s sysadmins, can also contain personal data as a part of a request or query, so these logs must also be reviewed during the audit.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Integrations<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">vTiger uses different integrations with identity providers and services, e-marketing sending systems, e-commerce and help-desk systems. This means that vTiger can exchange personal data with these systems, so you need to define which data is sent, provide this information to users (if requested) and develop a process for coordinating users\u2019 requests with these systems (e.g. 
deleting personal data).<\/span><\/p>\n<h4 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Collect, store and present user&#8217;s consent for personal data<\/strong><\/span><\/h4>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Collecting consent in vTiger<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">vTiger does not allow users to create their own records, so it is the responsibility of the person who creates a new record in the CRM to collect consent from your customer for the storing and processing of their personal data.<\/span><br \/>\n<span style=\"font-weight: 400;\">However, existing vTiger data may contain records for which user consent needs to be collected before May 25, 2018. We recommend creating a Segment containing such users (e.g. citizens of an EU country) and sending them an email using our Marketing campaign feature. All replies consenting to storing and processing their information must be handled by your team. The way to store customer consents in vTiger is described in the next section.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Storing and reporting collected consents<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">In order to store and present a user\u2019s consent for personal data processing, you need to create an additional boolean field for every module listed in the module manager section. This can be done using the <strong>module manager -&gt; Create field<\/strong> feature. We recommend using the <strong>checkbox type<\/strong>. 
We also recommend setting the field properties Show on view and Auditable to Yes.<\/span><br \/>\n<span style=\"font-weight: 400;\">Since this field\u2019s default setting is No, a person creating a new record with personal data must explicitly set it to Yes if consent is given by the owner of this personal data.<\/span><br \/>\n<span style=\"font-weight: 400;\">Having this field added to all modules storing personal data will enable your organization to create a report for GDPR compliance.<\/span><\/p>\n<h4 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Exercising user rights<\/strong><\/span><\/h4>\n<p><span style=\"font-weight: 400;\">In the following sections, we will provide CRMTiger&#8217;s recommendations for acting on user requests to exercise all personal data protection rights declared in GDPR.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Right to access<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">Under the GDPR regulation, a person has the right to confirm if his\/her personal data is stored and processed. The person also has the right to get access to this data, including information about the exact data structure. Access can be requested in many different ways.<\/span><br \/>\n<span style=\"font-weight: 400;\">vTiger supports easy-to-use yet powerful search capabilities which help find all module records related to the particular person requesting personal data information. You can use the vTiger Reports or the Export option of a module to inspect, collect and export information about the personal data stored.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Right to rectification<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">GDPR protects the right of an individual to correct personal data if it is incorrect or outdated. 
This can be done by a special request. vTiger search and CRUD tools are perfect for fulfilling these requests. Your personnel responsible for user data management can rectify the personal data in the system.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Right to data portability<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">One of the newest requirements in privacy protection is the right of individuals to obtain and reuse personal data in another system or organisation.<\/span><br \/>\n<span style=\"font-weight: 400;\">From a technical point of view, this means that your organisation must be able to export personal data into a machine-readable format. While the exact format is not yet defined by regulators, vTiger is able to export any entity into CSV format using the standard Export feature. CSV format is currently a suitable format for personal data portability.<\/span><\/p>\n<h4 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Right to erasure<\/strong><\/span><\/h4>\n<p><span style=\"font-weight: 400;\">GDPR outlines that a person can ask for their personal data to be deleted from information systems.<\/span><br \/>\n<span style=\"font-weight: 400;\">The task of personal data erasure has many different aspects. Here are the points to execute and consider:<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Deleting standard modules<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">vTiger stores personal data in the entities described in the Data Audit section of this document. All records in entities containing personal data can easily be found using the Search feature in our system. 
All entities support deletion of a record, making it simple for authorized users.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Systems connected via integrations<br \/>\n<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">You need to request data erasure from systems and integrations connected to your vTiger instance using the communication procedures developed during the data audit.<br \/>\n<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Webtracking<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">The Webtracking feature of vTiger is a highly flexible and powerful tool for collecting and analysing data received from connected sites. Because of the highly customized nature of tracking scripts, we recommend checking tracking events for the presence of personal data which has to be erased.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Backups<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">At the moment GDPR does not contain any direct requirements to clean up backups, which can be a technical challenge. However, keep in mind that a system failure and DB restore can happen right after data removal, which will cause the restoration of deleted data. 
This is why we recommend keeping requests for erasure open until the next cycle of the DB backup process and checking that the personal data has actually been deleted before closing the request.<\/span><br \/>\n<span style=\"font-weight: 400;\">Here is an example of a process where a system backup is made every night outside of business hours:<\/span><\/p>\n<ul style=\"list-style-type: none;\">\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Operator deletes personal data from vTiger but keeps the request open.<\/li>\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> On the next morning, the operator or the operator\u2019s controller\/supervisor checks open requests for erasure of personal data in vTiger and closes the request if erasure is confirmed.<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">It is also a good idea to develop procedures for restoring databases using backups older than regular ones (e.g. if your organisation decides to roll back the database and restore a 2-month-old backup).<\/span><\/p>\n<h4 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Other checkpoints to pay attention to<br \/>\n<\/strong><\/span><\/h4>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Transferring personal data outside of your organization<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">GDPR strictly prohibits the transfer of personal data outside of the EU. If your company is a US-based company with technological centers located outside of the EU. That is why we ask you to obfuscate any production data (like DB dumps, reporting, etc.) 
to minimize the spreading of sensitive data.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Data retention<\/strong><\/span><\/h5>\n<p><span style=\"font-weight: 400;\">vTiger by its business function does not handle any module containing personal data which can have a kind of expiry date. Your organisation can consider cleaning contacts and other entities using any criteria through our filtering capabilities. In addition, users are advised to proactively check whether the data they collect is necessary for the business. Identifying unused data can reduce risk and the amount of work for purging data.<\/span><\/p>\n<h4 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Summary<\/strong><\/span><\/h4>\n<p><span style=\"font-weight: 400;\">In order to be compliant with GDPR, your organisation needs to perform preparation steps to be ready for GDPR enforcement on May 25, 2018 and implement routine processes that address GDPR requirements.<\/span><\/p>\n<h5 style=\"color: #00acef;\"><span style=\"text-decoration: underline;\"><strong>Things to do with vTiger before May 25<br \/>\n<\/strong><\/span><\/h5>\n<ul style=\"list-style-type: none;\">\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Perform a data audit.<\/li>\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Add a data field for storing consent to vTiger modules.<\/li>\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Create and run email marketing campaigns to collect consent from existing users for personal data that\u2019s already stored and processed.<\/li>\n<li><strong><img decoding=\"async\" 
src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Update records for those who gave consent.<\/li>\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Delete records for those who have not provided consent.<\/li>\n<li><strong><img decoding=\"async\" src=\"http:\/\/crmtiger.com\/blog\/wp-content\/uploads\/2017\/02\/check.png\" alt=\"\" \/><\/strong> Develop procedures and scripts for DB exports to support personal data obfuscation.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulation (GDPR) is a regulation adopted by the EU Parliament and Council that protects the personal data of EU citizens. It was passed into law in May 2016 and will be in full force starting May 25, 2018.<\/p>\n","protected":false},"author":1,"featured_media":1507,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1506","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledge"],"_links":{"self":[{"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/posts\/1506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/comments?post=1506"}],"version-history":[{"count":7,"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/posts\/1506\/revisions"}],"predecessor-version":[{"id":3645,"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/posts\/1506\/revisions\/3645"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/media\/1507"}],"wp:attachment":[{"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/media?parent=1506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/categories?post=1506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crmtiger.com\/blog\/wp-json\/wp\/v2\/tags?post=1506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}