Information requested
Under the Freedom of Information Act 2000, I would like to request a copy of any data protection impact assessments your organisation has conducted in relation to the Customer Relationship Management (CRM) systems that you may use.
better customer experiences and increasing revenue.
If you do not have a system which fits the above definition, I would request advice and assistance as to what system you use to manage customer data. I can then advise if I wish to proceed with my request. If the information is already published, please supply me with a link to the said documents.
NHSCFA response
In response to the request, our CRM operates on the Microsoft Power Platform, leveraging Dataverse as the central data infrastructure. The platform enables centralised management of business records, seamless integration with Microsoft tools (including Teams, Outlook, and SharePoint), and automation of workflows through Power Automate. Users interact with the CRM via a model-driven app (MDA), accessible in both web browsers and Teams, enhancing efficiency and collaboration across the organisation.
The DPIA relevant to the CRM is Microsoft Power Platform and Dataverse, which ensures compliance with GDPR and the Data Protection Act 2018. This DPIA addresses key areas such as data storage, access controls, and security. Since the CRM is built within the Dataverse environment, this DPIA provides all necessary assurances for its use.