ShareCRM, as the data processor, must maintain secure systems, tools, and procedures to collect and store personal data. ShareCRM’s GDPR features offer multiple options to help organizations protect customer data and meet GDPR security and privacy standards.

ShareCRM helps organizations complete GDPR compliance through the following capabilities:

picture coming soon:

1. Compliance Settings Configuration

1.1 Enable Compliance Settings

Location: [Enterprise Security Settings] - [Compliance Settings]

By default this capability is turned off; enterprise administrators can enable it.

picture coming soon:

After switching it on, you must first select the GDPR‑relevant objects. Supported objects include: Contact, Leads, Personnel, Advanced Fieldwork, Member, WeChat User, and Custom Objects.

picture coming soon:

Waiting period: The consent form link remains valid during the waiting period; if the user completes the form during that time, the consent status is updated to the latest value.

Consent settings: Controls how the system manages a record that is marked as consented but is currently in a pending state.

Personal data processing: For personal data, two restriction controls are available: prohibit processing and prohibit export. These restrictions can be enforced via the OpenAPI and can apply different restriction levels to regular and sensitive data.

1.2 Compliance Overview

After you save the initial settings, a tab labeled Overview will appear.

This view gives administrators a compliance summary with three sections: Legal Basis for Processing, Consent Records, and Data Subject Requests.

picture coming soon:

Legal Basis for Processing: The basis for processing personal data. This section shows counts by object and allows administrators to make changes.

Consent Records: - Pending: Records whose legal basis is set to “Consent” but are currently in a pending state - Obtained: Consent form was sent and the user responded; or consent status was updated manually

Data Subject Requests: Organized by object, this area shows the types of requests a data subject can make for each object and the available actions, including Access, Rectification, Export, Restrict Processing, and Deletion.

1.3 Consent Form

After saving the initial settings, a tab labeled Consent Form will appear.

The system supports obtaining consent by sending a Consent Form to the data subject. This page displays the consent form template for preview only; editing the form content is not supported here.

The system supports selecting the language for sent forms. Available languages: Simplified Chinese, Traditional Chinese, and English.

picture coming soon:

1.4 Configure Sensitive Fields

Once Compliance Settings are enabled, a Personal Fields tab appears on the enabled object’s management page. Administrators can mark fields as regular or sensitive for that object.

picture coming soon:

2. Using Compliance Settings

2.1 Data Privacy

When Compliance Settings are enabled, an Update Legal Basis button appears on the enabled object’s list view to bulk update records’ legal basis.

picture coming soon:

Also, a Data Privacy button appears on the record detail page to view and update a record’s privacy settings.

picture coming soon:

Clicking Data Privacy opens a modal where you set the record’s legal basis for processing and the data subject’s request handling options.

picture coming soon:

2.2 Legal Basis for Processing

When you enable the Legal Basis switch, records default to Unprocessed. Business users can change the legal basis. If you set the basis to Consent, the consent status defaults to Pending.

picture coming soon:

picture coming soon:

picture coming soon:

Warning - What does Pending mean? Pending indicates the waiting period during which the data subject decides whether the data controller may use this data.

2.3 Obtain Data Subject Authorization

You can obtain authorization from a data subject in two ways: add consent details or send the consent form.

picture coming soon:

2.3.1 Add Consent Details

This action is performed by the data controller. Click Add Consent Details to record the information that documents the data subject’s authorization. Once confirmed, the system treats this as having obtained the data subject’s consent.

picture coming soon:

picture coming soon:

Note: All authorizations recorded via Add Consent Details reflect offline consent captured outside the system; the system stores the record for audit purposes.

2.3.2 Send Consent Form

Clicking Send Consent Form generates a consent form link that you can send to the data subject to request authorization. The record status automatically becomes Waiting. If the user receives and completes the form within the waiting period (form example shown), the record’s status automatically changes to Obtained. The default communication preference is Survey.

picture coming soon:

2.4 Additional Notes

GDPR imposes strict requirements on Consent, including certain operational restrictions. Other legal bases do not impose the same operational requirements; data controllers only need to mark the appropriate legal basis for a record.

picture coming soon:

In ShareCRM, we support customers exercising their rights to access and understand how their personal data is processed. Data subjects can submit Access Requests to obtain their personal data and details on how it is processed. They can also request that processing stop or request erasure of their data.

picture coming soon: