As a data processor, ShareCRM must have secure systems, tools, and methods to collect and store personal data. The ShareCRM GDPR feature provides multiple options to help businesses protect customer data and comply with the security and privacy standards set by GDPR.

ShareCRM assists businesses in achieving GDPR compliance through the following methods:

picture coming soon:

1. Compliance Settings Configuration

1.1 Enabling Compliance Settings

Location: [Enterprise Security Settings] > [Compliance Settings]

By default, this feature is disabled. Enterprise administrators can choose to enable it.

picture coming soon:

Once enabled, you must first select the objects that fall under GDPR compliance. Supported objects include:
- Contact
- Leads
- Personnel
- Advanced Fieldwork
- Members
- WeChat Users
- Custom Objects

picture coming soon:

Waiting Period: The application form link remains valid during this period. If a user submits the form, the consent status updates to the latest.
Consent Settings: Defines management actions for data marked as “Agree” with a “Pending” status.
Personal Data Processing: Two restriction capabilities are available:
- Prohibit processing
- Prohibit data export

These can be implemented via OpenAPI, with data classified into two levels:
- Regular data
- Sensitive data

1.2 Compliance Overview

After completing the initial setup, a [Overview] tab appears.

This interface provides enterprise administrators with a summary of compliance data, divided into three sections:
1. Legal Basis for Data Processing: Statistics by object, with options for administrators to modify.
2. Consent Records:
- Pending: Data marked with “Agree” as the legal basis.
- Obtained: Data where consent forms were submitted by users or manually updated.
3. Data Subject Requests: Capabilities tailored to each object’s requirements, including:
- Access
- Correction
- Export
- Restriction of processing
- Deletion

picture coming soon:

1.3 Consent Forms

After setup, a [Consent Forms] tab appears.

The system supports obtaining permissions by sending “Consent Forms” to data subjects. This page displays the form template (view-only).

Language Options:
- Simplified Chinese
- Traditional Chinese
- English

picture coming soon:

1.4 Configuring Sensitive Fields

When compliance settings are enabled, a [Personal Fields] tab appears in object management pages. Administrators can designate fields as:
- Regular
- Sensitive

picture coming soon:

2. Using Compliance Settings

2.1 Data Privacy

When enabled, an [Update Legal Basis] button appears in object list pages for batch updates.

picture coming soon:

A [Data Privacy] button also appears to view/update individual records:

picture coming soon:

Clicking this opens a modal to configure:
- Legal basis for processing
- Data subject requests

picture coming soon:

2.2 Legal Basis for Data

When enabled, data defaults to “Unprocessed.” Users can modify the legal basis (e.g., changing to “Agree” sets status to “Pending”).

picture coming soon:
picture coming soon:
picture coming soon:

Knowledge Extension - What Does “Pending” Mean?
“Pending” refers to the waiting period during which data subjects decide whether data controllers may use their data.

2.3 Obtaining Subject Authorization

Two methods are available:

2.3.1 Adding Consent Details

Performed by data controllers. Click [Add Consent Details] to record offline authorization.

picture coming soon:
picture coming soon:

Note: All authorizations are obtained offline; the system only maintains records.

2.3.2 Sending Consent Forms

Click [Send Consent Form] to generate a link (Figure 2). When sent to subjects:
- Status changes to “Waiting”
- Upon submission (form shown in Figure 3), status updates to “Obtained”
- Communication preference defaults to “Survey”

picture coming soon:

2.4 Additional Notes

GDPR imposes strict requirements on “Consent” with operational restrictions. Other legal bases only require controllers to label compliant bases in records.

picture coming soon:

ShareCRM supports data subjects’ rights to:
- Access their personal data
- Understand processing methods
- Request processing restrictions
- Request data erasure

picture coming soon: