The General Data Protection Regulation (GDPR) becomes directly applicable and enforceable in all EU Member States on May 25, 2018. As you probably know, this regulation imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, and it applies no matter where companies are located. It contains requirements about how companies collect, store, and use personal information. As a data controller, any organization dealing with EU individuals must process personal data in compliance with the GDPR and must ensure that any third-party data processors have implemented the technical and organizational requirements of the GDPR. Companies that are found not to comply with the new regulation will be subject to significant fines.
GDPR applies to SugarCRM in a number of ways, including:
- As a Data Controller, where SugarCRM handles any data on its own behalf (e.g. for marketing activities);
- As a Data Processor, where SugarCRM handles any data on behalf of its customers (e.g. for our On Demand Service); and
- As a CRM provider, where SugarCRM provides software to our customers which also allows them to be compliant with the GDPR.
At SugarCRM, the trust of our customers is paramount to our mission, and this trust drives our continuous investment and approach to data protection. We are committed to taking a holistic approach to GDPR compliance. To this end, we have created a cross-functional internal working group to review, assess and implement our GDPR compliance efforts. We are in the process of identifying and educating internal GDPR champions in all relevant groups to ensure that data privacy continues to be a vital part of all SugarCRM activities and considerations.
We recognize the many challenges faced by our customers in their efforts to comply with the GDPR. SugarCRM is committed to helping our customers by offering products that allow them to meet GDPR requirements and develop more effective and valuable business relationships with their own customers. We are also committed to offering the contractual commitments required by the GDPR from a data processor perspective. We are currently working on a data processing addendum to our Master Subscription Agreement, which will reflect the requirements set out by the GDPR.
We look forward to working with our customers to address any questions, needs and feedback relating to GDPR and our efforts.