Data Protection in the Marketing Department
-
Repetition: Basics of Data Protection1 Topic|1 Quiz
-
Data Processing2 Topics|1 Quiz
-
Events and Trade Fairs3 Topics|1 Quiz
-
CRM Systems3 Topics|1 Quiz
-
Social Media2 Topics|1 Quiz
-
Tracking Services3 Topics|1 Quiz
-
Promotions and Competitions2 Topics|1 Quiz
-
Privacy Policy for the Website3 Topics|1 Quiz
-
Consent (Opt-In and Double-Opt-In)2 Topics|1 Quiz
-
Newsletter Marketing3 Topics|1 Quiz
Customer Relationship Management (CRM) Systems
From a data protection perspective, it is important when using CRM systems to ensure that there is a working role and authorisation concept in accordance with the principle of integrity and confidentiality (Art. 5 para. 1 lit. f) and Art. 32 para. 1 lit. b) of the GDPR – the so-called need to know principle).
It must be ensured that only those persons have access to customer data who directly need it for the fulfilment of a specific task. Unauthorised persons may not gain access to this data.
A comprehensive role and authorisation concept should ensure who is authorised, for example, to read, change or delete personal data
The more sensitive the personal data (e.g. data on political opinions or health data), the more differentiated and strict the role and authorisation concept should be.
The role and authorisation concept should also contain replacement regulations. It should be noted that the replacement belongs to the same department, works at the same level in a legally secure manner and has the same professional competence.
If employees change departments or leave the company, for example, the authorisations must be adjusted immediately.