Understanding GDPR Compliance with BigChange

  • Updated

This article provides an overview of the General Data Protection Regulation (GDPR) and how BigChange ensures compliance with this regulation. It is crucial for businesses to understand and adhere to GDPR to protect personal data and avoid potential legal consequences.


Management of Personal Data

BigChange appoints a Data Protection Officer to oversee data privacy matters. This officer manages a set of documents that includes a Privacy Policy, Personal Information Management Systems, Data Asset Inventory, Privacy Impact Assessment, and procedures for Data Subject Requests and Data Privacy Notifications.


Security Measures for Personal Data

BigChange aligns its security measures with ISO 27001, an industry benchmark for Information Security. This includes HTTPS access, two-step authentication, user access control, and server and data protection. BigChange uses Amazon Web Services for server hosting and data storage, ensuring high-level security and data backup.


Features to Help You Remain Compliant

BigChange offers several features to help businesses remain GDPR compliant. These include managing consent, handling Data Subject Access Requests, and requesting data from BigChange. These features allow businesses to process data lawfully and for specific purposes, as required by GDPR.


Managing Consent in CRM

Your CRM system allows you to manage consent status for individuals. Here's how:

  1. Navigate to [Top Menu] CRM > Contacts > Persons > Select a person > Edit > Consents.
  2. Here, you can see existing consents or add a new one.
  3. Choose the 'Status' (Awaiting consent, Consent refused, Consent given).
  4. Select the 'Medium' (Email, Click, Telephone).
  5. Add any extra information in 'Comment'.
  6. Upload any relevant attachments.
  7. Click 'Ok' to save.


Any changes in consent are recorded, creating a history with dates and the person who made the change.

Additional Features:

  • Filter the person list by consent status and date.
  • Update the consent status of all selected individuals at once.
  • Send an email to all selected individuals with an opt-in link. The sent email and the recipient's response are saved.
  • Manually record opt-in/opt-out requests and attach the correspondence.
  • Manage subscriptions to marketing emails. If you select 'Marketing email', emails will only be sent to those who haven't unsubscribed.


These features work with back-office user rights. To access these, go to Profile > Admin Settings > Web Users > Roles > Contacts.



You can email selected individuals with a template that includes the keyword "Consent". This keyword will be replaced by a URL in the email, allowing the recipient to opt-in. The sent email and the recipient's response are recorded in the consent log. You can find the "Consent" keyword under the 'Contacts & Notes' tab, in the 'Person' section when creating a template.



 Data Subject Access Requests

Under the GDPR legislation, as with its predecessor, the Data Protection Act 1998, Data Subjects (any living person who is the subject of data) may request data held about them, and/or may request that their data be corrected, deleted or have processing ceased.

Please refer to Processing Data Subject Access article for more information.


Further Support

BigChange continuously adds new features and functions to its system, particularly those related to data security. Updates on these features are provided in the Help Centre. For more information on cloud service security, you can read our article on Cloud Service Security.



Understanding and complying with GDPR is crucial for businesses to protect personal data and avoid legal consequences. BigChange provides several features and security measures to help businesses remain compliant. For further support and updates on new features, visit the Help Centre.