Before handling personal information about your European Union (EU) customers, vendors, staff, or other business contacts, you should determine and record what your lawful basis for doing this is.
Use the “Legal basis for processing data” drop-down in People & Organizations to document your lawful basis, helping to make sure that you comply with the EU General Data Protection Regulation (GDPR).
What types of legal basis are there?
There are six types in the system by default:
Employee
Freely given consent
Legitimate interest - existing customer
Legitimate interest - prospect/lead
Performance of contract
Unknown
These are stored as a list of values that you can add to in System Setup > List of Values.
Default values
All organizations and contacts added to your system before May 21st, 2018, have had their type automatically set to “Unknown”.
Organizations and contacts that you add have a default type of “Legitimate interest - prospect/lead”.
All users have their default type defaulted to “Employee”.
You can change the default for new organizations and contacts by editing the “Lawful Basis Type” list in System Setup > List of Values.
Add or edit a legal basis
When creating or editing an organization, contact, or user in the system, select the correct option from the “Legal basis for processing data” drop-down.
You’ll also see the option when creating a new organization from an opportunity.
See changes to the legal basis
Changes to the legal basis are logged in Recent Actions. Click Recent Actions under the Actions heading on the right of a contact, organization, or user page to see changes.
Changes will also appear in a user’s recent actions.
Document layouts and discussion templates
If you’d like to display the legal basis for processing data on a document layout or discussion template, use the lawful_basis_type_name attribute.
How you access this will depend on the document or template that you’re working on and whether you’d like to display information about an organization, contact, or user. Check out: Liquid objects
Not familiar with editing document layouts? Not a problem, we offer a document layout modification service. Start a conversation with our Customer Success team using the green help bubble, and we’ll be happy to help ↘️
Common questions
Which type should I use?
We provide tools in the system to help you with GDPR compliance, but we can’t advise on how you use this field within your business. See: GDPR
What are the different types?
The different types of lawful basis are outlined in Article 6 of the text of GDPR. You can read the text at EUGDPR.org.
The UK’s Information Commissioner’s Office (ICO) has a good summary which may help as a starting point. Remember, the ICO is a UK authority, so check resources for your region if necessary.