The GDPR details how organizations are to deal with these individuals' personal data in safe, secure, open, and benign ways. Responsibility for compliance extends to any organization that communicates with individuals who are in the EU/EEA. As such, the GDPR affects both organizations that are established in the EU/EEA, and to many organizations that operate outside of the EU/EEA and interact with individuals who are in the EU/EEA.
Enforcement of the GDPR began on 25 May 2018. Lead Gen & CRM met the GDPR requirements prior to that date. To remain compliant with the GDPR, Lead Gen & CRM will continue to implement and maintain changes to software and policies to specifically address these new GDPR responsibilities and continue to assist customers in meeting some of their responsibilities under the GDPR.
Administrators | ✓ | |
Company Managers | ||
Marketing Managers | ||
Sales Managers | ||
Salespersons | ||
Jr. Salespersons |
Lead Gen & CRM values the importance of customer data privacy and security. Lead Gen & CRM has updated its privacy policy—effective immediately—to give more clarity and control on how data is collected and handled within the platform.
The updated policy includes the following:
Refer to the Lead Gen & CRM Privacy Policy for more information.
The ability to prove consent is an important aspect of the GDPR. Article 4 of the GDPR defines consent as:
...Any freely given, specific, informed, and unambiguous
indication of the data subject's wishes by which he or
she, by a statement or by a clear affirmative action,
signifies agreement to the processing of personal data
relating to him or her...
Lead Gen & CRM already provides ways to request or revoke consent. To more closely comply with the new rules on consent in the GDPR, SharLead Gen & CRM Spring has changed how certain core features of the platform provide means to request and revoke consent.
Forms have been updated to help individuals provide consent. With these updates, more metadata about submissions to Lead Gen & CRM forms will be recorded. This metadata includes key pieces of information, including IP addresses and subscription dates, and will be available when exporting leads from Lead Gen & CRM. In addition, when building forms to solicit various kinds of consent, Lead Gen & CRM has provided some new options.
Landing pages also have been updated to address the consent requirements. Lead Gen & CRM has updated the landing page designer to allow users to configure a cookie disclosure design element. This design element discloses what cookies are being used on landing pages—and for what purpose.
These form and landing page updates are available to use as needed. Lead Gen & CRM leaves their use to the client's discretion. Clients should consider their usage based on individuals they are targeting, as well as the locations of these individuals.
Seeking request permissions is only part of the new consent rules. Now, with the GDPR, you must identify and retain exactly how you obtained an individual's information and consent. The GDPR requires the following be addressed:
Lead Gen & CRM already enables you to create custom fields, organize those custom fields into folders, and view information on those custom fields on a lead's record at any time. Make a point to investigate the sources and keep track of where you get your data. Keeping this information on-hand is at your discretion. Know from which source your data was collected prior to GDPR implementation, and going forward.
The GDPR requires organizations to be transparent on their practices regarding personal data. To comply with these transparency requirements, Lead Gen & CRM internally logs more granular information on what data has been obtained from third parties, as well as how that data is being used. This list of subprocessors is publicly visible and provides information on the following:
Moving forward, instances where Lead Gen & CRM shares client data with these third-party providers will be documented. In addition, Lead Gen & CRM will require associated third-party providers to self-certify their compliance with the EU-US Privacy Shield Principles, or execute a specific data privacy agreements with Lead Gen & CRM. To maintain transparency, Lead Gen & CRM will publish details of these privacy agreements, as well as those vendors which are operating under these agreements.
Lead Gen & CRM already maintains an audit trail. These audits account for important events that occur in Lead Gen & CRM's networks and servers. These audits, as well as other records, are in place due to various existing regulatory, compliance, and legal measures. To better represent the audit process, and comply with the GDPR, Lead Gen & CRM has updated these internal audit logs and similar records. The changes reflect, in a granular fashion, how customer data is transferred, updated, deleted, and accessed within the Lead Gen & CRM platform.
The GDPR requires organizations to provide individuals with the means to know how their data is being processed and used. To comply with these new rules on data access, Lead Gen & CRM has implemented new verification measures. Going forward, when a client makes certain support requests, Lead Gen & CRM will ask the client to provide additional information. These requests will help verify a client's identity before Lead Gen & CRM staff accesses certain data or performs certain actions on the client's behalf.
The GDPR requires organizations, upon request, to provide, free of charge, electronic copies of an individual's personal data. The Lead Gen & CRM platform has been updated to address the new rules on data access. Lead Gen & CRM's data exporting tools will be available to assist in exporting this personal data. Lead Gen & CRM also introduced new export tools—and made changes to existing export tools—allowing clients to download data that they provided to Lead Gen & CRM, excluding certain historical data that has been deleted or removed.
The GDPR affords the right to data erasure, also known as the right to be forgotten. This right provides individuals, in limited circumstances, with the ability to request that their data be deleted. In addition, to address data erasure more directly, Lead Gen & CRM is currently in the process of building, updating, and expanding internal tools. These internal tools allow Lead Gen & CRM to respond to data erasure requests in a timely manner.
The GDPR also provides a right to restrict the processing of personal data and to object to the processing of personal data. Lead Gen & CRM provides a means for individuals to request that their data stops being disseminated to other organizations and entities.
The backup policy at Lead Gen & CRM requires full backups of customer data daily, with incremental backups being performed each hour. Lead Gen & CRM's data retention period for backups of customer data is seven days. Lead Gen & CRM replicates these backups to an off-site location in compliance with its own disaster recovery policy. Lead Gen & CRM cares about its customers' data, and has placed high availability (HA) mechanisms in place to reduce the need for recovery. Lead Gen & CRM makes a best effort attempt to retain customer data. However, Lead Gen & CRM does not provide any direct guarantee against loss of customer data.
Lead Gen & CRM's backup procedures follow the basic rules of the CIA triad: confidentiality, integrity and availability. They are verified for integrity, are encrypted, are securely transferred, and are stored both at on-site and off-site locations. These backups are then verified through reanimation testing.
Lead Gen & CRM utilizes open source technologies, such as Zabbix and OpenVAS, to monitor the availability of its services, obtain web application performance metrics, and perform regular vulnerability scans against its critical infrastructure. Lead Gen & CRM also reinforces these processes by regularly performing penetration tests against its own architecture. Lead Gen & CRM's monitoring and associated alerting processes are regularly tested to ensure that Lead Gen & CRM Network Operations Center (NOC) staff is notified immediately upon the occurrence of any operations anomaly or service interruption.
It is not just Lead Gen & CRM that is impacted by the GDPR. Email marketers should take action to remain compliant. Again, GDPR compliance is required for all marketers that have leads in the EU/EEA. While in no way a complete list, Lead Gen & CRM recommends that email marketers do the following to begin to comply with the GDPR:
Refer to the following external help resources for more information on customer actions and the marketing impacts of the GDPR:
Copyright © 2025 · All Rights Reserved · Constant Contact · Privacy Center