Workspace for GDPR Requests

   Words by CRM Consultancy

   on 09/05/2018 10:00:00

Security_KeyWe are living in an increasing collaborative and connected world where data is more valuable than ever.

This has led to the new GDPR Regulations coming into effect from May which redefine our relationship with data, and establish the Customer as the ultimate controller over their Personal Data shared with a Company.

In a practical sense, this means the Customer has rights for:

  • Data Access Request, allowing the customer to view the data you hold about them.
  • Right to be Forgotten, allows the customer to request you delete the data you hold about them,
  • Portability, the right for a customer to obtain the data we hold about them in a format that they can take to another provider if required.
  • Data Classification, the ability to inform the customer why we are holding their data, and justify our retention period.

In order to meet these new requirements we can implementing processes within our Company and CRM to make these requests easier.

Your CRM should give you a single view of data and a centralised ‘one-stop-shop’ of your Data Real Estate - however compliance will be driven by the teams and Users in a business rather than the system itself, and the easier the functionality in CRM to facilitate these requests then the easier it will be for a business to be compliant.

The way we do this..

To help with this, CRMCS have added functionality into Dynamics that generates a secure link for a Contact, Lead or other ‘Person’ record (i.e. any record where we may hold Personal Data in CRM) that can be shared with that person as way of allowing them to see both the Personal Data we hold on them + the Reason why we store this data.

This builds on our experience of the DocMan for Dynamics App in building a unique Public Access Key for each Request that is then valid for a limited period of time.

This request allows the Data Subject to ‘peek’ into the data and documents we hold on them to fulfil Data Access Requests.

We can see this in CRM by opening a Lead or Contact, and observing the Share via Workspace action.


Clicking this action generates a new Secure Link and copies this link into the clipboard.

This can then be emailed to the Lead or Contact in question and invite them into the Workspace to view the Personal Data we hold upon them and why we hold this data.


There is nothing revolutionary in this idea as extends on the usual Portal concept to provide a limited page where a Data Subject can view their Personal Data - however the ease of use in making this simple for our User to generate and send out the link.

In addition the Workspace can include Documents (and potentially Emails) so the full portfolio of Personal Data we hold on the Subject is shared, and this transparency can be a useful tool for GDPR Compliance.

As seeing is believing, the video below shows this more visually:

B2B Marketing

The ability to communicate to a Contact or Lead why we hold their data and the purpose of how we use this data is of particular interest to the B2B Marketing Sector. 

Many companies have long lists of Leads that they need to email and communicate utilising an Opt-in or Opt-out policy to ensure they have consent to continue sending email communications to that individual.

We can see this in our day to day lives at the moment from the volume of ‘Keep hearing from us’ or other Opt-in Email Communications that companies are sending out to Contact Lists as a result of GDPR.

There are different schools of opinion on the best way for B2B Marketing Organisations to comply with GDPR – we believe that the Subject Access Request should be a key part of Marketing Compliance.  Organisations should offer this type of Data Access Link in their outgoing correspondence to give full transparency why the contact is receiving this Email.  This transparency should detail both the Data Classification and the Rationale for being on the Marketing Lists that the Contact is a member of, plus enabling the Contact to remove themselves from a given List should they no longer want to receive Emails for this Rationale.

Full transparency with the Contact then mitigates some of the Opt-in requirements that can be particularly challenging for Marketing Organisations that depend upon the database of Contacts they have built up.  But (and is crucial but!) the organisation must be able to show why each Contact’s Personal Data is being stored and justify consent, otherwise an Opt-in to obtain this Explicit Consent should be implemented.

Explicit Consent obtained via an Opt-in should then be stored in CRM as the Data Classification for holding that Contact’s Personal Data; as having the correct classification and reason for retention of personal data in CRM is an absolute necessity for future compliance.

Over the last five years we have helped several of our clients transform their approach to Security and Compliance, and so become a knowledge leader in GDPR and how to manage compliance within Dynamics CRM – if this may be useful to your organisation or you have any queries on GDPR specifically, then please do not hesitate to get in touch with us.

Further Reading

We have been blogging on GDPR for some time, as is an area that we think connects quite naturally with CRM and so the following articles on this blog may be useful:


Implementing GDPR with Dynamics 

Alongside wider articles on Subject Access Requests for GDPR:

Right of Access under GDPR from the ICO (Information Commissioners Office) 

Handling Subject Access Requests (SARs) for GDPR

Share this Article

Search Articles

Filter Articles

CRM Tech DocMan

Recent Articles

Release Wave 2 New Feature: The Columns Button HOW TO: Search a date field in Microsoft Dynamics The Relevance Search COMING SOON to Power Apps Portals HOW TO: Manage Your Dynamics 365 Database Size (Video Included) Dynamics 365 Marketing vs ClickDimensions It’s time to pause, reflect and acknowledge a new era of inclusivity and collaboration. Part 2 - How to get the most from a Technology Expert – Asset Management Hub Property & Asset Management Hub Part 1 – Balancing CRM and Asset Management Scopes - Asset Management Hub Creating a Multi-Lingual PowerApps Portal How to Set Up a Microsoft Teams Site Using DocDrive365 Microsoft Teams - Adding a Microsoft Teams URL to a Dynamics Appointment Dynamics 365 Marketing – Customer Voice Survey Not Appearing In Emails? Using SQL Management Studio to connect to the Dynamics DB Calling a Power Platform AI Builder Model via oData How to use DocDrive365 to integrate permissions between Business Units in Dynamics with Sites in SharePoint Getting started with the Power Platform AI Builder. Power Apps Portal Information Hub DocDrive365 Security: Day One - Getting Started with Dynamics to SharePoint Permissions Part 5 - Power Apps Portals: How To Connect Azure B2C With Linked-In Part 4 – Power Apps Portals: Styling Azure B2C for Power Apps Portals The 3 Phases for Using Multi-Select Option Sets in Flow with Microsoft Forms Part 3 – PowerApps Portals: Azure B2C and Power Apps Portals – User Flow for Signup and Signin Part 2 - Power Apps Portals: New Application Registration in Azure B2C for our Power Apps Portal Part 1 – Power Apps Portals: Creating a New Azure AD B2C Tenant
Contact Us

Want expert advice or a demo?

Get in touch now and see how we can help your business grow.

  • Name
  • Email Address
  • Phone Number

Understanding Your Challenges

Our strong understanding of CRM and emerging technologies within the Microsoft environment means we deliver the right solutions for you.

Proven Real-World Solutions

As a leader in the field of Dynamics solutions, our pedigree developing and delivering real-world solutions is unsurpassed.

Long Term Support

We provide support beyond our design, implementation and 'go-live' delivery using Sprints and continual updates to our AppSource apps.

CRMCS | Design by Thinktank Marketing | Citrus-Lime Limited

To improve your experience today and in the future, this site uses cookies. Read our full Privacy Policy & Cookie information here I Understand