GDPR Compliance
FrontSpin’s Information Security program has stayed abreast of the GDPR requirements. In efforts to remain in compliance with GDPR, FrontSpin has implemented and adheres to the following changes.
FrontSpin no longer stores backups or logs data any longer than necessary, and has implemented a no longer than 90 day deletion cycle in efforts to remain compliant.
In addition, there is full encryption around both data in-motion and at rest. Controls are in place to assure that sensitive customer data is not stored locally or accessible without the proper approved credentials by FrontSpin’s executive counsel.
Controls around access management are in place and regularly reviewed to assure customer data is only accessed by those with proper credentials and limited based on business needs only.
FrontSpin is constantly reviewing their Information Security program and is taking all necessary steps to eliminate potential risks and data exposures.
FrontSpin Privacy Policy can be found here: https://www.frontspin.com/privacy-policy/
GDPR fo FrontSpin Users
Unfortunately, there is no magic wand that can ensure compliance – adhering should come through a confluence of your processes, technology and employees.
Below are the best practices that you can use to assist in your GDPR readiness efforts:
- Create a field in SFDC and map it to FrontSpin to mark Leads & Contacts as “GDPR Leads/Contacts”
Admins can create an additional field in SFDC and map it to FrontSpin to mark specific Leads/Contacts as EU residents, and with FrontSpin’s real-time bidirectional sync the info will be always up to date. Most of the data vendors are able to provide city/country data for each lead or contact in billing, mailing or shipping address, you can use this data with workflow rules and processes built in SFDC to mark contacts as being an EU resident. - Exclude “GDPR Leads/Contacts” on the entry criteria in you Lists/Playbooks
Add additional criteria on your entry criteria in SFDC Reports or through FrontSpin Native List Conditions to exclude GDPR Contacts (i.e. “GDPR contact not equal to true”) - Include a way to Opt-out and Privacy Notice into your Signature
Ensure that you’re providing both opt-out and privacy notice in your email signature and it is critical to honor opt-out requests – is crucial when communicating with EU residents. - Email Tracking and Call Recording Governance Settings
Email open/click tracking tracking can currently be disabled at the list/playbook level and individual email level. Users have the ability to disable tracking when a contact is marked as GDPR and for “relaxed” list/playbooks for EU residents that contain fewer touches and are spread over longer periods of time. FrontSpin call recording governance settings allow admins to disable call recording into certain countries. Live call monitoring, whisper and join conversation can still help managers to train and coach the Reps. - Exclude Do Not Call Leads/Contacts in your Lists/Playbooks & Make Do Not Call checkbox visible in user’s layouts
Admins can map standard SFDC Do Not Call field to FrontSpin to ensure that we always has the most up to date information.
More about GDPR here.