GDPR compliance

How is the data protected?

Both the NLRC and EspoCRM adhere to the European General Data Protection Regulation (GDPR). In case National Society maintains its own EspoCRM instance, NS is a data processor. For more information about data processor: https://www.gdpreu.org/the-regulation/key-concepts/data-controllers-and-processors/

The National Society is the data controller and is therefore responsible for any data entered into the system. Your partners should therefore be informed and in compliance with their data protection legislation.

NS must decide how long project data can be stored in the system and how it will be deleted or anonymized after the program is closed. Regular Data Protection Impact Assessment reviewing is recommended.

Data collected with third party tool Third party handle the data storage. For instance, data collected with KOBO tool will be stored on KOBO servers and fall under their data protection policy. Kindly note this is separate from EspoCRM data process.