Thank you for your answer. I understand what you mean but on the software side, it is needed (if I have understood correctly GDPR, not sure !? ) that the source of the software does not contain any lines of code giving acccess to the CRM database or exporting/modifying data from/in the CRM database hiddenly (in the back of the administrator). Of course, in a server side, the database must be protected as well, independantly of the CRM software protection features . I have to check this point.