GDPR Introduction


What is GDPR?

GDPR is a European privacy law enacted on May 25th, 2018. It has four basic requirements:


Whenever you ask for someone’s personal information, you must disclose how the information will be used.

Legitimate reason for using personal information

The best reason for using someone’s personal data is with their consent. Without their consent, you may still have a legitimate reason (such as a legitimate interest), but it may be harder to prove as legitimate.

New rights afforded to data subjects

People have the right to know what data you store about them, to obtain a copy of it from you, to withdraw consent to your use of their data, or to have it deleted.

Protection of personal data

You should protect personal data at all times. It is recommended that you encrypt sensitive data about a person whenever possible. Sharing it with third parties is prohibited without consent.

Failing to abide by GDPR can result in fines of up to $20MM or 4% of annual revenue.

Why was GDPR enacted?

In the few decades since the internet was commercialized, technology has transformed how we live and work. We ask Google personal questions, read Fox or CNN, send private messages through Facebook, and buy private personal effects on Amazon. These actions say a lot about us. And all of this data is stored, mined, and sometimes traded, with consumers having little control over the process.

With increasing frequency, that data is being lost or misused. The Equifax data breach demonstrates that even the largest companies holding the most sensitive data can lack the basic safeguards necessary to protect us. Meanwhile, social networks and search engines mine and monetize us through our data in ways we don’t know. These are real and growing problems that GDPR aims to address.

Which businesses are bound by GDPR?

GDPR applies to you if you meet any of the following conditions:

  • You have customers in the EU
  • You provide services (paid or free) to EU citizens
  • You market to EU citizens
  • You monitor the activities of EU citizens

If you are outside the EU and run an exclusively local business, you don’t have to worry about GDPR. A flower shop in rural Ohio is unlikely to face the burden of complying, even if someone from the EU stops by its website and is captured by its analytics software.

It’s not your company’s size but whether EU residents could be seen as part of your target market that determines your need to comply with GDPR. That means a small SEO company that accepts business internationally is still bound by GDPR.

Personal Information and Privacy

Personal information you provide to RSoft through the Service is governed by the RSoft Privacy Policy. Your election to use the Service indicates your acceptance of the terms of the RSoft Privacy Policy. You are responsible for maintaining the confidentiality of your username, password and other sensitive information. You are responsible for all activities that occur in your user account and you agree to inform us immediately of any unauthorized use of your user account by email to or by calling us on any of the numbers listed on We are not responsible for any loss or damage to you or to any third party incurred as a result of any unauthorized access and/or use of your user account, or otherwise.

Changes RSoft has made to comply with GDPR

Our practices, policies, and products fully adhere to GDPR.

  • You will only receive communications that you consent to receiving, and can opt out at any time.
  • Our privacy policy and terms of service are visible, clear and comprehensive about what data we collect, its uses, and your rights to control it. You can grant or rescind consent to these policies and terms.
  • You can ask us for a data processing agreement (DPA) that states how we process your data. Email us at, or find it on the billing page.
  • We only share data with third parties with your direct consent, or if you agree to terms or policies that include those third parties. All our third-party data processors comply with GDPR. We have never sold your data to third parties or used it for advertising, and never will.
  • To our knowledge, our users’ data has never been compromised. To ensure your data’s protection, we only store data we have consent to store, unless it’s required to provide you with service, or where we have a legitimate interest.
  • We encrypt sensitive personal data whenever needed to keep your privacy safe, and when it can be done without compromising an aforementioned purpose.
  • You can ask us to see, correct or erase your data, stop us from processing it, or request a copy by emailing us at
  • We have appointed a Data Protection Officer that you can contact by emailing
  • We’re arranging similar GDPR-ready data processing agreements with our Vendors.

RSoft CRM features that help you comply with GDPR

  • Persistent disk-level encryption
  • Automate the request, collection, and use of consents from leads and contacts
  • Encrypt lead and contact fields at rest
  • Audit user access and modification of encrypted data
  • Double opt-in mechanisms for email marketing

Please note: some of the above features require a specific tier of RSoft, or a subscription to RSoft’s Privacy Shield.

Start your journey to complying with GDPR

When you use RSoft CRM, you can trust that your data are safe, and that you always have the tools necessary to comply with GDPR. However, the tools must be used the right way. To that end, we recommend learning about GDPR, then updating your policies, practices, and procedures to comply with GDPR.