Ebsta is a UK-based company and complies with UK/EU laws and the General Data Protection Regulation (GDPR).
GDPR is coming on 25 May 2018 and we are committed to being GDPR ready and are actively assisting our customers with their GDPR readiness. Ebsta is well aware of the GDPR data protection changes coming to force in May 2018. Over the last year we have spent time with many legal professionals, including members of the Queens Council involved in drafting the new legislation, discussing not only the impact of the GDPR on us, our clients and the wider international business community but how our technology can be used to assist our customers with their own GDPR readiness.
Keeping your data safe and secure is paramount. We adopt industry standard design led approaches to security at all levels from the way we design our software, its deployment, maintenance, monitoring and platform architecture and operational standards. That is why we continually undergo and pass external security review processes to ensure the continued security of your data.
At all times you retain control over the data Ebsta has access to and the transactions that occur and at any time can revoke access.
For a more detailed security overview please review our security statement.
Ebsta is a SaaS provider connecting your disparate SaaS platforms together. We are a data processor on your behalf.
Data is accessed securely, encrypted during transport and at rest (where data is stored at all) with a record of each transaction logged, no PII.
The GDPR does not effect your continued usage of Ebsta. Please ensure that relevant parties have read the linked pages and are aware of your responsibilities as a data controller.
The GDPR concerns personally identifiable information, PII. For any device, application or process to be compliant your users must only have access to the PII that they are able to use as defined in the terms associated with that record.
As an example, if you are not allowed to call a data subject for sales purposes your sales people should not have access to the phone number. Therefore the phone being GDPR compliant is not the question.
There are no compliance issues with Ebsta as long as you have the correct rights over the PII you are using.
Ebsta assists with your GDPR compliance whichever edition is being used. Ebsta records all transactions to ensure you can understand where and when records have come from and provides tools to users to ensure the data integrity of those records within the CRM. Ebsta also provides tools for full front office readiness. Without these tools you are less ready for GDPR.
You need to ensure that your perimeter security is sound and that your data management processes are in place and adhered to but in the middle you need to actually use the data in your business and this is where Ebsta comes in, focusing on your high risk data sources.
Firstly you need to ensure that the data you have is under control and up to date. We all know that sales reps are not great at keeping the CRM and rely on their email inbox for latest contact details. An Ebsta survey has found that up to 60% of business contacts are locked in mailboxes and never make it on to the CRM. Therefore they cannot be managed. Ebsta unlocks these contacts and makes them available for central management and updates any existing records with the latest contact details.
Once you have your data under control you need to understand the different types of data you have and the rights you have over it and understand if you are able to retain and use it. Ebsta provides a health check and automated alerts to data minimisation requirements.
Data subject access requests when received need to be quickly and efficiently handled and if there the right to be forgotten is invoked it is critical that the information is removed from the mailboxes where it resides so it cannot be re-used causing a data protection breach.
If you want to ensure a successful CRM implementation and keep accurate data in Salesforce please get in touch now.