by diligent

SweeterGDPR adds a lot of new features to your SuiteCRM, each one aimed at easing compliance with GDPR requirements, and maintaining data protection best practices.

Free 30 day trial
Try it Now



< >


From the moment you install and set up SweeterGDPR to your SuiteCRM system, the GDPR Log will start to keep track of every change to the given contact/lead/target. To view the GDPR Log, navigate to the contact/lead/target's detail view and click on the "Actions" menu. Click on the GDPR Log option. This feature enables you to quickly gather every data associated with a specific contact/lead/target within SuiteCRM, export and send said data to the specific contact/lead/target upon request.


Tip: only users that cover the role allowed in the first stage of the GDPR Configuration process (please refer to the Complete Manual for SweeterGDPR) and the system admin will be able to view the GDPR Log option in the "Actions" menu.

Important: the log will not display changes that happened before SweeterGDPR was installed and configured. The GDPR Log is divided in two sections: the Audit Log itself and the Relationship Log

GDPR Audit Log

The functionality of the GDPR Audit Log makes several notable improvements on the standard SuiteCRM change log. Not only will it track and show all changes related to all fields contained in the item's detail view, but it will also do the same for items contained in all subpanels. This means that, for those fields you activated during the second stage of the GDPR Configuration process (please refer to the Complete Manual for SweeterGDPR), the GDPR Log will show you changes for all activated fields somehow related to the specific contact/lead/target.


Here, each item's name of this list will be available as a clickable link to the item's detail view.

Important: the Audit Log will track changes occurring after the installation of SweeterGDPR.

GDPR Relationship Logs

Further, at the bottom of the page, you'll be able to also view a list of every related item to the current contact/lead/target within the Relationship logs. This is a summary containing every related item to the current contact/lead/target. Therefore, this will not show changes to the fields contained within the given item.

Tip: if you select an already created item from the subpanel of a contact/lead/target, this item will be listed within the relationship logs. However, since nothing on the item itself has changed (no fields have been modified), it will not be listed in the GDPR Audit Log. That is, until at least one field for that item is modified; at which point the item will be listed on both the Relationship logs and the change related to the field on the GDPR Audit Log.


Important: the Relationship log will track relationships occurring after the installation of SweeterGDPR.

Print the GDPR Log

Finally, the GDPR Log functionality gives you the ability to print the log itself. Using this functionality, you are able to quickly gather all known information for a specific contact/target/lead present on the system and immediately send it to the interested party. The log will be generated as a word document and it will contain both the GDPR Audit Log as well as the Relationship logs.

Image You can find this button on the top right corner of the GDPR Log page.

Back to top

< >

GDPR Anonymize

The GDPR regulations have established that individuals are entitled to the deletion of their personal data on third parties’ system, if they so choose (the so called “right to be forgotten”). Deletion of items in SuiteCRM is of course a standard feature. However, this feature within SweeterGDPR makes sure that this request is met without necessarily deleting all information pertaining to the record, by anonymizing only certain fields of said records and leaving the rest untouched. Using this functionality, your company can effectively anonymize the record by targeting the fields specific to your business that could allow you to re-identify the individual after the anonymization process is completed, but still retaining the information that are generic and from which is impossible to re-identify the specific individual for statistical purposes.

Important: Anonymized fields will be impossible to recover, as the anonymization targets SuiteCRM's UI, database, change log and GDPR Log. Audit logs tables contained in the database for contacts/leads/targets are targeted as well and even all previous values for a given field are anonymized.

Up to 3 modules are available for the anonymization of fields: contacts, leads and targets. These modules can be activated during the first stage of the GDPR Configuration process (please refer to the Complete Manual for SweeterGDPR). Fields that have to be anonymized can be selected during the second stage, using the Anonymize Field Configuration multiselect area.

Upon activation of the GDPR Anonymization for a specific module, you can use it on the specific item you want to anonymize. Simply navigate to the contact/lead/target's detail view and click on the "Actions" menu. Click on the GDPR Anonymize option to start the anonymization process.


Tip: only users that cover the role allowed in the first stage of the GDPR Configuration process and the system admin will be able to view the GDPR Anonymize option in the "Actions" menu.

Anonymization Process

At the start of the Anonymization process the system will look for contacts, leads and targets with similar name, surname and email address regardless of whether you activated the module within the first step of the GDPR Configuration process (please refer to the Complete Manual for SweeterGDPR). It will then present a list of all contacts, leads or targets that could possibly be the same entity. At this point, the user will be asked to choose which contact, lead or target to slate for anonymization by simply clicking on the checkboxes next to the items to be anonymized.

Clicking on the "Select Person(s) and Continue" button will advance the process only for the selected items.


The next step of the process will display those entities (contacts, leads or targets) you have slated for anonymization and, if present, a list of tasks, meetings, calls, emails and notes that are assigned to all of the entities listed above. Each item's name of this list will be available as a clickable link to the item's detail view. Here, you'll be asked what the system should do with such items and you will be given two choices: archive or delete the item.


Archivizaton means that the item is deleted from the UI. For all intents and purposes it is not available anymore using SuiteCRM. However, this item will be kept in the database, even if flagged as archived. If you mean to use this feature and keep data safely stored in the database only, remember to deactivate the scheduled job "Prune Database on 1st of Month" within the Schedulers menu of the Admin page.

Deletion means that the item will be deleted from both the UI and the database.

Items can be selected to be both deleted and archived. Deletion will take precedence on the archivization.

Click on the "Anonymize/Delete" button to complete the process.


Tip: an entity to which multiple email addresses are assigned will appear as many times in the persons section of the first and second stage of the Anonymization Process. However, for SweeterGDPR version 1.0.12, only the principal email of an entity will be anonymized. We plan to expand this and enable multiple email anonymization in future releases.

Behavior of the Anonymization Process

Even though the system will show you modules that you might have deactivated during the first stage of the GDPR Configuration process (please refer to the Complete Manual for SweeterGDPR), it will not anonymize fields for that specific module. With one important exception: the Email address will be anonymized system wide. On the other hand, the system will delete/archive related items even if they were assigned to the entity (contact/lead/target) whose module was deactivated.

Any other field that was activated during the GDPR Configuration and contained a value before the anonymization process, will be substituted with this value: ****

Email addresses will be instead substituted by this value: ****

On a final note, the anonymization process will not show you related items to the entity other than tasks, meetings, calls, emails and notes. This is because, once the entity has been anonymized, even its relationship with any other module will be updated. As an example: if a case was related to a specific contact, after the contact's anonymization the relate field on the case detail view (or contact subpanel) will be updated as well.

To sum it all up:

  • A field with value in it targeted by anonymization will be substituted permanently by the **** value.

  • A field without value in it targeted by anonymization will be left untouched.

  • Even if showed in the selection process, a person's fields within a detail view of a deselected module will not be anonymized.-
  • Related items (tasks, meetings, calls, emails and notes) will be deleted/archived even if assigned to entities whose module was deselected, if the item is checked for deletion/archivization.
  • All other related items (cases, documents, opportunities, etc.) will not be shown during this process. They will however be listed in the GDPR Log.
  • If the email address of an anonymized entity (say a contact) is present on different entities as well (lead or target) and if the email address is a field selected in the GDPR Configuration process’ (please refer to the Complete Manual for SweeterGDPR) second stage, that email address will be anonymized system wide: all entities and items within the system that contained that email will be updated to the new value of ****
  • The above holds true for as many anonymized emails addresses an entity might have.

Back to top

< >

GDPR Double Opt-In

Another important requirement of GDPR is that companies must ask for explicit consent and demonstrate that consent for marketing communications purposes was given by the contacted party. To explicitly ask for consent through a double opt-in process for contacts/leads is a data collection best practice and has become the standard. SweeterGDPR includes a Double Opt-In functionality. Although newer version of SuiteCRM provide a double opt-in functionality, the GDPR Double Opt-In functionality is a separate one that will help to keep track of the consent/denial for the single contact/lead. Plus, it will enable the double opt in functionality on previous versions of SuiteCRM where the functionality is not included.


To achieve this, SweeterGDPR will add a new GDPR section to the detail view of contacts/leads. Within this new section, a total of 9 fields will be added. Some will be available for users to change, others will only be changed by the system and two are only modifiable by system admin and users within the GDPR role. These are:

Fields modifiable by users Fields only the system is allowed to modify Fields modifiable by system, admin and GDPR role
Consent for data processing Date of consent for data processing Double opt-in consent given
Profiling Date of consent for Profiling
Consent to subscribe to Newsletter Date of consent for subscription to Newsletter
Double Opt-In Process Date of Double Opt-In Date of Consent/Denial

Important: among those fields which are free for user interaction, the most important one is the "Double Opt-In Process" check box. By ticking the check-box and saving the record, the system will start the Double Opt-In process.

Consent for data processing, Profiling and Consent to subscribe to Newsletter are fields that can be used to track the entity's selection for each of these more specific consents. They will however not initiate the Double Opt-In process on their own.

Whenever one of these fields is checked, the corresponding date field will be automatically filled with a time-stamp on save.

The only field left to define is the "Double opt-in consent given". To better explain what this field keeps track of, we'll describe its functionality during the Double Opt-In process description, further in this section.

Tip: you can set some or all of the fields modifiable by users as required fields. This way, your users are forced to acknowledge that consent was given before they are allowed to save the record. You'll be able to track who modified each check-box by both the Audit Log and the GDPR Log.

Important: the GDPR Double Opt-In functionality is a feature that works independently of the Double Opt-In one that comes standard with certain versions of SuiteCRM. This means that it uses a different entry point, different opt-in and opt-out urls and different email templates. Specifically, opt-out links automatically added in email templates of newsletter or campaigns in the standard SuiteCRM functionality will have NO effect on the "Double Opt-In Process" field. The GDPR Double Opt-In should be seen as a generic consent to be contacted by your company and not used to track consent for the individual newsletters/campaigns. Regardless, if you want to include the option for your contacts/leads to opt-out not only of the specific newsletter/campaign but more generically from all communications from your company, you can do so by copy pasting the opt-out link within the GDPR Email Templates (please refer to the Complete Manual for SweeterGDPR) onto any template.

It has been previously mentioned that the GDPR Double Opt-In functionality has been built to be completely independent of SuiteCRM’s standard Opt-In. This has been done to ensure that:

  1. A more generic consent to be contacted by your company is established
  2. No interferences with the opting in/out system of newsletters from the campaign module occurs
  3. Finally, no interferences with SuiteCRM standard’s confirmed Opt-In (when applicable) occurs Newer versions of SuiteCRM provide as well a double opt in functionality that can be activated by the action menu of the contact’s detail view, or as a bulk action in the list view. This feature is called “Confirmed Opt-In”. For more information consult SuiteCRM documentation here ( The only existing dependency between the GDPR Opt-In and the Confirmed Opt-In lies in the fact that they are using the same opt-out entry point (therefore, same opt-out link).

Back to top

< >

GDPR Tab on cases Module

This feature of SweeterGDPR will help you keep track of the specificity of each GDPR related request (Information, correction, deletion, scope, portability and objection). Many fields will be added to your case module to allow you to record each request on a different field.

To start off, upon installing SweeterGDPR, a new value will be added to the drop down of the field Type in the Cases module: GDPR. When this value is selected a new tab will appear on the case's detail view. This tab will contain all additional fields added by SweeterGDPR.


Note that, when opening the tab you'll notice an empty space at its very top -> Don't worry, this is intended to be like so and it's necessary for the GDPR tab to disappear when not needed ;)

Please also refer to the complete manual for a full list of all the new fields that will be added to the Case module under the GDPR tab. You can find this here.

GDPR Case 3.png

Back to top

< >

GDPR Joomla!

This feature of SweeterGDPR will facilitate your company's reception of GDPR related requests, synchronizing specific fields between SuiteCRM's cases Module and Joomla!.

Further, it adds to your Joomla! instance the possibility of adding new pages for your portal users to create GDPR related cases. The portal users will be able to see how the values of such fields change thanks to the live synchronization of specific fields. Additional fields that are synchronized between SuiteCRM and Joomla! are:

  • Case Type
  • Received Request Status
  • Request Type
  • Summary of Actions taken

To use the Joomla! GDPR portal extension, you'll need to create new portal users. These are contacts that will receive a system email with credentials to access your portal. From there, they will be able to create cases, which are immediately synchronized on SuiteCRM. To do this:

  1. Open the detail view of a test contact and select "Create portal user"
  2. The contact will receive an email (template for this can be changed in AOP standard settings) with a link to the Joomla! instance connected to your SuiteCRM and a new password


  1. The contact is now able to log in to the given Joomla! instance
  2. Create a new case from Joomla!
  3. Should the contact select the "GDPR" value for the drop down "Type", an additional field called "Request type" will be available to him

If you're curious to know more, you can consult the Complete Manual for SweeterGDPR, or of course, contact us at any time!

Go back to Top or back to Introduction

Saving Comment Saving Comment...