At SalesAgility, the driving force behind SuiteCRM, we welcome the EU’s General Data Protection Regulation, also known as GDPR, which brings back the ownership of personal data to the people. GDPR perfectly aligns with our Open Source philosophy, which is about giving freedom to the users.

Will SuiteCRM be GDPR ready?

Yes! SuiteCRM will be your perfect ally in becoming GDPR compliant, in a clear and transparent way. Let’s go over the most important points within the GDPR and how SuiteCRM solves them for you.

1. Consent

You must record that the lead has given you consent to be inserted in the CRM. The flexibility of SuiteCRM allows you to implement a double opt-in process, and records activity and history (notes and attachments, like emails), providing you with an effective audit trail for each individual.

2. Right to object

When you use SuiteCRM for direct marketing campaigns, an individual has the right to object to this. With SuiteCRM you can create a simple custom field that records whether a lead objects. Additionally, campaign emails sent via SuiteCRM include an opt-out link. If the Lead/Contact clicks that link, the system will mark them as opted-out and prevent them from being sent any new campaign emails.

3. Access requests and processing personal data

Personal data is all data related to an individual, which includes the lead data, but also, if applicable, contact, account & opportunity data, notes etc. SuiteCRM allows you to create a report to export all that information.

4. Right to be forgotten

One of the fundamentals behind the GDPR is that data subjects have the right to be forgotten. SuiteCRM makes this easy: when the individual withdraws consent from processing you can delete him or her, or you can set up a workflow to do this automatically.

5. Mandatory privacy risk impact assessment

To quote Rafael Laguna, CEO of Open-Xchange: “Security means not having to believe, but knowing. Only products under open-source licensing can shed the light when back doors exist, dishonest data collection and/or data exploitation happens or if the proper algorithms for creating security are chosen.”

GDPR demands that personal data is stored and processed in secure systems, and being open source clearly helps with this. SuiteCRM gives you full control over your own data, because you decide where you want to store your data: on your own secure servers, on-premise or in the cloud.

What more do I need to do, in order to be GDPR compliant?

Using SuiteCRM is a first step to being GDPR compliant, because it helps you to comply with most processes that need to be in place in order to respect the individual’s rights. However, you need to do more too, such as writing up a good privacy policy, applying the restrictions on the transfer of personal data outside the European Union etc. For the complete list of requirements, please check the Information Commissioner’s Office site.

Get SuiteCRM

SuiteCRM is open source and can be downloaded from You can also try out an online demo. If you need additional assurances, warranties, indemnities and long term support, check out SuiteASSURED.