Support Portal ContactGet in touch

Workspace for GDPR Requests

   Words by CRM Consultancy

   on 09/05/2018 10:00:00

Security_KeyWe are living in an increasing collaborative and connected world where data is more valuable than ever.

This has led to the new GDPR Regulations coming into effect from May which redefine our relationship with data, and establish the Customer as the ultimate controller over their Personal Data shared with a Company.

In a practical sense, this means the Customer has rights for:

  • Data Access Request, allowing the customer to view the data you hold about them.
  • Right to be Forgotten, allows the customer to request you delete the data you hold about them,
  • Portability, the right for a customer to obtain the data we hold about them in a format that they can take to another provider if required.
  • Data Classification, the ability to inform the customer why we are holding their data, and justify our retention period.

In order to meet these new requirements we can implementing processes within our Company and CRM to make these requests easier.

Your CRM should give you a single view of data and a centralised ‘one-stop-shop’ of your Data Real Estate - however compliance will be driven by the teams and Users in a business rather than the system itself, and the easier the functionality in CRM to facilitate these requests then the easier it will be for a business to be compliant.

The way we do this..

To help with this, CRMCS have added functionality into Dynamics that generates a secure link for a Contact, Lead or other ‘Person’ record (i.e. any record where we may hold Personal Data in CRM) that can be shared with that person as way of allowing them to see both the Personal Data we hold on them + the Reason why we store this data.

This builds on our experience of the DocMan for Dynamics App in building a unique Public Access Key for each Request that is then valid for a limited period of time.

This request allows the Data Subject to ‘peek’ into the data and documents we hold on them to fulfil Data Access Requests.

We can see this in CRM by opening a Lead or Contact, and observing the Share via Workspace action.


Clicking this action generates a new Secure Link and copies this link into the clipboard.

This can then be emailed to the Lead or Contact in question and invite them into the Workspace to view the Personal Data we hold upon them and why we hold this data.


There is nothing revolutionary in this idea as extends on the usual Portal concept to provide a limited page where a Data Subject can view their Personal Data - however the ease of use in making this simple for our User to generate and send out the link.

In addition the Workspace can include Documents (and potentially Emails) so the full portfolio of Personal Data we hold on the Subject is shared, and this transparency can be a useful tool for GDPR Compliance.

As seeing is believing, the video below shows this more visually:

B2B Marketing

The ability to communicate to a Contact or Lead why we hold their data and the purpose of how we use this data is of particular interest to the B2B Marketing Sector. 

Many companies have long lists of Leads that they need to email and communicate utilising an Opt-in or Opt-out policy to ensure they have consent to continue sending email communications to that individual.

We can see this in our day to day lives at the moment from the volume of ‘Keep hearing from us’ or other Opt-in Email Communications that companies are sending out to Contact Lists as a result of GDPR.

There are different schools of opinion on the best way for B2B Marketing Organisations to comply with GDPR – we believe that the Subject Access Request should be a key part of Marketing Compliance.  Organisations should offer this type of Data Access Link in their outgoing correspondence to give full transparency why the contact is receiving this Email.  This transparency should detail both the Data Classification and the Rationale for being on the Marketing Lists that the Contact is a member of, plus enabling the Contact to remove themselves from a given List should they no longer want to receive Emails for this Rationale.

Full transparency with the Contact then mitigates some of the Opt-in requirements that can be particularly challenging for Marketing Organisations that depend upon the database of Contacts they have built up.  But (and is crucial but!) the organisation must be able to show why each Contact’s Personal Data is being stored and justify consent, otherwise an Opt-in to obtain this Explicit Consent should be implemented.

Explicit Consent obtained via an Opt-in should then be stored in CRM as the Data Classification for holding that Contact’s Personal Data; as having the correct classification and reason for retention of personal data in CRM is an absolute necessity for future compliance.

Over the last five years we have helped several of our clients transform their approach to Security and Compliance, and so become a knowledge leader in GDPR and how to manage compliance within Dynamics CRM – if this may be useful to your organisation or you have any queries on GDPR specifically, then please do not hesitate to get in touch with us.

Further Reading

We have been blogging on GDPR for some time, as is an area that we think connects quite naturally with CRM and so the following articles on this blog may be useful:


Implementing GDPR with Dynamics 

Alongside wider articles on Subject Access Requests for GDPR:

Right of Access under GDPR from the ICO (Information Commissioners Office) 

Handling Subject Access Requests (SARs) for GDPR

Share this Article

Search Articles

Filter Articles

CRM Tech DocMan

Recent Articles

CRMCS Quick Start Guide: How To Produce a Microsoft Teams Live Event Dynamics 365 Marketing: Lead Scoring and Sales Acceptance Designing and Developing Microsoft Power Apps Portals Thank You for Attending CRMCS’ Webinar - Achieving B2B sales excellence with Dynamics 365 & Microsoft Teams Thank You for Attending Our Webinar - Achieving B2B sales excellence with Dynamics 365 & Microsoft Teams Webinar: Discover How CRMCS Have United Dynamics 365, SharePoint and Microsoft Teams To Create Sales Excellence Ignite your workflow by adding DocDrive365 to Office 365 The CRMCS guide to everything you need to know about integrating Teams with Dynamics 365 Saving Time By Keeping Documents In One Place TDE Database Encryption with On Premise Dynamics The Key to Successful Compliance in 2020 Part 2: Let’s get GDPR Compliant with Microsoft Power Automate Top 3 Essential Tips for Remote Working Dynamics 365 Marketing: Top 5 Best Features Dynamics Day in the Life - Puma Investments Can you use Teams to amplify collaboration in Dynamics? Part 1: Using a Scheduled Power Automate to Trigger Expiry Date Reminders The secrets of successful document collaboration in Dynamics CRMCS launches new AppSource approved DocDrive365 Dynamics Day in the Life - Moneypenny Release Management Add the App to Dynamics DocDrive365 Security: Day One - Getting Started with Dynamics to SharePoint Permissions Building a New Scheduled Process using Flow
  • "Paul has made a real difference to how my team of 24 people record and store valuable customer data and sales opportunities. Highly recommended."

    James, Operations Director

  • "Understanding your business allows us to advise when to implement aspects of CRM and, likewise, when not to."

    Paul McQuillan, Managing Director

  • "Dynamics 365 and CRMCS have made a real lasting difference to our business, allowing us to replace older systems that were holding back our performance."

    Grahame, Chief Operating Officer

  • "James worked well with us to help connect CRM with Outlook and relate how this might benefit our team using CRM for Property Care."

    Natalie, Property Care Supervisor

  • "Matt was really good with helping us run User Testing on the new Compliance Module of our CRM System."

    Tom, Compliance Administrator

Prefer to go old-school?

Write to us using the below addresses.

Head Office
CRM Consultancy
61 Oxford Street
M1 6EQ

London Office
CRM Consultancy London
Grosvenor Avenue

Content © CRM Consultancy.