Yes we do - if you go to our main GDPR page here you can see our official statement. Please be aware that this may be updated from time to time.
Whilst we cannot provide legal advice to aid understanding on this, there are numerous sites available to help on this, including the ICO website here which includes some great explanations and advice.
Everyone will have a different policy on this, but this does seem to be an extreme position to take. GDPR does definitely require you to have a valid reason for holding the data though - check out this article from our partner CommuniGator which explains this really well.
We are currently completing our full GDPR policy and are reviewing our ISO 27001 policies to ensure they are in line with GDPR.
You need to decide if you wish to redact or delete the records, as per your company's GDPR policy. If you wish to delete the data, you can simply use the delete function. Our general recommendation, subject to your own legal advice, is to use the delete function to flag the record, and periodically empty the recycling bin to permanently delete the records. If you're on ProspectSoft version 6 CRM, you can attempt this yourself on small amounts of data manually using the interface, or for bulk updates we would recommend you speak to your Account Manager or our Customer Services team prior to this action as emptying the recycling bin will require some technical assistance/advice. If you're on Prospect 365 however, we are currently looking at the feasibility of using the new bulk actions feature which is part of the product roadmap.
We advise you refer to CommuniGator's GDPR material on this - we've added a link right here. The ICO also have a page on their website here which may help you clarify the opt in rules for your business' data.
In Prospect 365 CRM, there is an Email flag with 'Yes'/'No' options, and there is a double-opt in within CommuniGator. We are currently reviewing with the CommuniGator technical team the flag integration and purpose within the two systems.
Our data is either hosted in the EU, or for a very small subset of our suppliers where data is held in the US, we have confirmed that they have a privacy shield in place. We have confirmed that data they are holding is not highly sensitive personal data.
For data where ProspectSoft is the Data Controller, we will be providing a GDPR web form for such requests. We would suggest that for data where you are the controller and we are the processor, you provide a similar service as part of your GDPR policy.
We are currently completing our full GDPR policy and are reviewing our ISO 27001 policies to ensure they are in line with GDPR - we will be able to answer this in due course.
ProspectSoft will not keep the data beyond the purpose for which its supplied.
Exactly what you choose to do depends on your own company GDPR policy and procedures. Simply clicking 'delete' in the application is not necessarily enough as data can be restored. There are two ways customers are currently tackling this - either you can ask our Customer Services desk to purge the data with a script (which would be a chargeable service). Or, you can keep the data, but redact names and personally identifiable data.
If you delete or redact the data, this won't always delete sales history, although sales history won't necessarily contain personally identifiable data. However, you should review your own sales history data and company GDPR processes to verify this.
That is a really good question - our records have a creation date and time stamp and there would be a request (with a date) if they were added later with GDPR justifiable reason.
You can submit a GDPR question about us a Data Controller using the form below. Your question will be anonymised and posted on this page in due course. Please note: if you wish to also be notified of when your question has been answered, please provide your email address below so we can let you know.