Pythagoras GDPR Readiness Statement

Pythagoras are already building and deploying GDPR ready solutions in partnership with our clients.

Microsoft Dynamics 365 and Office 365 contain many ‘out of the box’ features to support GDPR. Features such as Security Roles, Privileges, Field Level Security, and Access Teams can all help to ensure that organisations are GDPR compliant ready for May 2018.

Each of our clients remain the ‘data controllers’ for how their collated personal data is used. Pythagoras acts as their trusted partner to ensure that our implementations meet their needs for GDPR, and we can provide advice and guidance on what similar organisations have implemented with us.

As an example, the Dynamics 365 security model enables clients to allow or restrict access to personal data based on consents given to specific users or teams.  For a recent client, Pythagoras has used the out the box security and sharing records feature of Dynamics 365 to ensure that only required individuals have access to the contact and the related case data within their organisation.

For additional out of the box product information, Microsoft have released the following helpful advice and guidance.

For further information on how Pythagoras can assist you in your GDPR readiness, please contact or call 01628 519 000.

Cantata GDPR Readiness Statement

Cantata has a wide variety of experience with GDPR across a range of our clients; we have been working with the issue since it first emerged as a legislative idea.

It presents both a challenge, of course, but also an opportunity to establish a clearer and closer connection with all of your customers. It is a chance to ‘reset’ and gain consent to a more active and involved relationship.

The Basics

Cantata is working to ensure that our systems and storage of our own data comply with the requirements of GDPR and are helping existing clients to ensure that the systems and data they have in place will meet the required standard. However, we see technology as only a small part of the challenge.

Do you need to change your organisation?

Cantata view the introduction of GDPR as an overall business issue requiring more thought and planning than system updates. Are your senior management team aware of the nature of the GDPR rules and the business wide implications?

Should you make a formal appointment of a Data Protection Officer – and how will you train them? Will they manage introducing Data Protection by Design and Data Protection Impact Assessments to your organisation? Do they have adequate provision and authority to deal with reporting and managing any data breach? Has your DPO reviewed your data privacy statements and prepared GDPA compliant versions? The more you can do now the less will need to be revisited when GDPR comes into force in May 2018.

Do you need a data audit?

Do you truly know what customer data you hold in your organisation? We’ve seen many challenges in this area where different areas or individual hold ‘their own’ records and don’t share the knowledge.

Once you know what data you hold, are you clear on the rationale for having it – the business purpose for which it is held? Are these purposes acceptable in terms of the customer consents you hold – and are those consents valid for the use you are making of the data? If data on children is included have you got appropriate consent from their parent or guardian and can you evidence that consent? Don’t get pushed into a doomsday scenario of believing you have to delete all previous consents and cannot make any use of personal data. There are clear actions to address these challenges but ignoring them is a limited and potentially very damaging approach.

Knowing all the data you hold has long been a problem for Data Access requests – but now you will have less time to process these requests and you are expected to make it easier for the consumer to raise the request. Are you planning to enhance this capability – and will you have to consolidate much of your data to a single platform to achieve this?

Cantata can help

Cantata will work with their clients to resolve these and many other business challenges arising from GDPR – along with the review of your business model to meet the Marketing challenge of producing the required revenue generation if current data is seen as non-compliant. At the same time as ensuring the basic systems support what you need of course.


Eudonet GDPR Readiness Statement

With over 17 years’ experience of staying ahead of the curve, Eudonet continues to reassure their clients regarding security and more recently, GDPR compliance.

We’re spending as much time on maintaining an intuitive, easy to use CRM for users as we are providing deep compliance and auditing features for admins and GDPR officers.

Already boasting multiple GDPR features and key requirements out of the box, such as consent, methods of communication preferences and full exports for auditing, our team of developers is continuing to work with GDPR advisors on additional features.

Upcoming features include:

  • The ability to define fields as sensitive/confidential
  • Data archiving and deletion according to date or user rules
  • Admin level controls over data processing
  • Processing of international data
  • GDPR and Data Quality dashboards for GDPR officer

At Eudonet, we see GDPR as an opportunity for best practices and excellence in contact management, rather than additional trouble and potential fines. Our latest editions already help users save time and energy on their key day to day tasks, and future versions will ensure data management and contact preferences are intuitive and easy to use.

Admins and GDPR officers will find compliance and audits easy to maintain, ensuring users can continue with their jobs with new compliance rules in place.

We at Eudonet are committed to equipping our users with the tools necessary to become and remain GDPR compliant in time for the May deadline.

For further information visit

Workbooks GDPR statement

Workbooks are developing a comprehensive plan to support their clients’ efforts to achieve GDPR compliance.

A current statement can be found through this link GDPR and Workbooks

m-hance GDPR readiness statement

m-hance NFP365, built on the Microsoft Dynamics 365 platform, now has additional standard functionality to address the upcoming requirements of GDPR.

Over the past 6 months, we have worked with clients and partners to ensure there is sufficient core functionality included in NFP365 to provide a solid foundation for our clients, so each solution can be quickly and easily extended, with our guidance, for each client’s compliance journey.

Whilst there is rich functionality out the box, this GDPR foundation must, of course,  remain flexible to change as the new requirements are further interpreted by the ICO and case law.

We also recognise that each charity may need subtly different approaches to GDPR based on their where and how data is currently stored, current data quality and completeness of consents and permissions. We work closely with them to ensure that each new solution supports individual compliance.

In addition to the functionality offered as core within Dynamics 365, such as security, user roles, field level security and audits, the NFP365 solution will provide:

  • New forms and fields clearly defining how individuals who have opted in and out of different messaging and services, so they can be automatically excluded or included in communications applicable to their consent activity type
  • GDPR specific business processes and workflows to ensure the right information is captures against an individual record or is routed to the appropriate person or team
  • Specific processes that ensure that sensitive data can only be viewed and updated by appropriate persons or job functions
  • Case management with prebuilt SLA’s to meet the time frames set within GDPR, managing information requests, requests for permission changes and complaints
  • Reports providing all activity and donation history to be sent to those individuals who request it
  • Inbuilt detailed auditing evidencing what data has been created or updated, when, and by what process or individual user

Over the past six months we have worked closely with Microsoft and other partners to share our combined knowledge and interpretation of GDPR, specifically in the special context of the charity sector. Microsoft and m-hance have held several joint seminars with attendees from the charity sector and from this we have gained valuable insight into the challenges faced by charities and the key capabilities a new solution requires to aid current and future compliance.

On-going solution implementations with key clients have provided us further insight into how organisations are interpreting the new regulations. This has led m-hance to introduce dedicated GDPR workshops during the discovery phase of all new projects.

m-hance is committed to continually update the NFP365 solution to respond to current and future legislative and structural changes affecting the charity sector.

To read more about m-hance’s recommendations on GDPR compliance you can download their eBook, GDPR Success in 5 Steps,

For further information about NFP365 contact Tory Cassie on or 07854 686 489

Core GDPR readiness statement

With the incoming General Data Protection Regulation (GDPR) becoming law in May 2018 it has never been a more precarious time for organisations to have a lack of control of their data.

Historically, however, knowing exactly what data an organisation had, who was accessing it and where it was being accessed from has been the purview of only the largest companies. Smaller and Midsize companies who did not have the luxury of experienced security professionals and dedicated security tools were left to wonder.

But with GDPR holding all companies financially liable for data breaches with fines up to €20 Million, size is no longer a defence. Using elements of Microsoft’s Secure Productive Enterprise product suite and Core’s own security expertise we can help you take back control of your data and ensure that you don’t end up a cautionary tale.

During the course of Core’s assessment we will cover Managed Security Lifecycle and how a typical managed security engagement with Core would look at a high level. We will cover:

Identify – Security is not a ‘One size fits all’ proposition. In order to maximise the return on investment in security the solution must determine the security needs of the business and balance those with maintaining a productive workforce. Core’s experienced security professionals can help with defining and writing the policies required to be the solid foundation of any security program.

Protect – How Core uses Microsoft technology to provide up front protection in the form of encryption and multifactor authentication.

Detect – How Core utilises the Microsoft combined ecosystem to correlate across multiple sources and determine when the data is under attack.

Respond – How Core’s experienced security professionals conduct incident response for threats to the system.

Recovery – How Core uses Microsoft technology to ensure that in a worst case scenario, your systems and data are back up and running in the shortest time possible.

smartimpact GDPR readiness statement

GDPR: We’re getting ready…Are you?

The new General Data Protection Regulation (GDPR) comes into force on 25th May 2018, but how will it affect you and your members? Here’s five key things you need to know now:

1.    It’s increasingly about ‘consent’ and the ‘lawful processing’ of data
GDPR brings a whole new focus to ‘consent’, or opting-in to communications and activity. For example, you need to actively gain consent (no more of those pre-checked boxes) and you must record that consent. Consent is also ‘granular’, i.e. people can consent to some things but not others.

2.    Individuals will have more rights
Individuals have many more rights under GDPR, including the right to be forgotten, the right to move data from you to another platform (portability), the right to restrict data processing and the right not to be subject to automated profiling. This last one will have implications for you if you use an email marketing platform or do any online profiling of your contacts. Yes, that includes Google Analytics!

3.    Your policies will need to be updated
Your cookie and privacy policies will need updating as will your internal data protection policy and all your consent notices. Do not underestimate how much time this could take. For example, your internal data protection policy will need to include a section on how you will detect, report and investigate data breaches.

4.    You need to name any third parties you share data with
You will no longer be able to have the catch-all ‘We sometimes pass your details onto interested third parties’ check box option. If you share data with third parties you need to specifically name them at the point of consent and once again capture that consent along with the specifics of each consent.

5.    Brexit will NOT affect the UK’s adherence to the regulation
If you have to comply with the current UK Data Protection Act 1988 or deal with anyone in the EU after May 2018 then you will have to comply with GDPR. Basically, if you store or manage data on individuals (members) then this change in regulation will affect you.

How we’re getting ready
We here at smartimpact have been, and continue to, work hard to make sure that our CRM solutions comply with GDPR and continue to protect member data. We are working closely with our clients and third party partners, such as Microsoft, to ensure compliance is built into the very framework of each system we deliver. This  includes the right to be forgotten, the portability of data and privacy by design along with consent tracking and granular preference services.

We also believe in close integration between your website, membership/marketing teams and CRM to provide a central repository with audit history on all members’ consents captured.

It’s not long before GDPR comes into force – now’s the time to get your head around it all and develop an action plan. You can get a lot of information on GDPR from the ICO website (such as the 12 Steps to Take Right Now), from Microsoft (check out their GDPR Trust Centre website) and we are here to help and advise.

Call us on 0845 544 2043.

Felinesoft GDPR Statement

APT Solutions GDPR Statement

Trillium GDPR Statement