CRM, GDPR and You: Is your business ready for May 2018?
With the GDPR now a year away, businesses must be prepared for the changes to data protection rules that will be enforced in May 2018. The system at the centre of most companies' data collection, processing and storage is their CRM. SeeLogic will therefore release updates and best practice advice for optimising CRM with the GDPR in mind. In this first article, we provide a general overview.
What is it all about?
The EU General Data Protection Regulation (GDPR) will become law in the UK, and across Europe, on 25th May 2018. This legislation lays down rules regarding how companies can use an individual’s personal data within the European Union. In the UK it will replace the Data Protection Act 1998.
What about Brexit?
Britain voted to leave the EU in July 2016 and invoked Article 50 in March 2017 to commence the parting of ways. However, the UK will still be a member of the EU on 25th May 2018, and any company trading in the EU must abide by the GDPR. In addition, the Information Commissioner’s Office have said they will retain the regulations as set out in the GDPR even when Britain has left the EU. Brexit doesn’t make any difference. You will still need to be compliant.
What does the GDPR mean for you and your business?
The GDPR document runs to 220 pages detailing the rules and regulations that businesses must follow or face hefty fines. The fines for non-compliance will be up to €20,000,000 or 4% of global turnover. That is enough to put most SMEs out of business.
So, what are the key issues?
The major issues are Consent and the Right to be Forgotten.
A company is required to prove it has consent to contact an individual. This means you must be able to prove that an individual has deliberately and specifically opted in to receive your material. It will not be acceptable to pre-tick opt-in boxes in small print hidden away so that it’s not noticed.
You must also state clearly, at the point of collecting a person’s data, what that data will be used for. For example, for marketing, for product support, or for accounting purposes.
And, of course, individuals on your list must be able to opt out of being contacted at any time.
Right to be Forgotten
The Right to be Forgotten requires you to remove all trace of an individual when they request it. And this doesn’t just mean deleting them from your contact database but also from any other files that may have been archived.
There are eight rights outlined in the GDPR. It is important to be aware of the implications of all of them, and we recommend reviewing the latest legislation here: https://ico.org.uk/for-organisations/data-protection-reform/
How can your CRM help?
Many companies hold personal data on their customer relationship management (CRM) system. This data may have been manually entered, and it could have been annotated with notes following visits or phone calls.
Your first consideration will be to clean up your existing data. Ask yourself: where did this data come from, is it still valid, and do you still have permission to contact this person?
Then you need to have processes in place to ensure that future data is collected with specific opt-in permissions, with all activity date stamped. You must be able to demonstrate accountability for all activities.
If you are running an older on-premises version of a CRM, it may require modifications to fields or workflows in order to be compliant with GDPR. For your own peace of mind, it is important to check the functionality, as well as whether your existing data is compliant. If you are running a highly customised CRM, be aware it may require more time and resource to update.
Microsoft is confident that anyone signing up for their cloud services will fully comply with the data security aspects of GDPR. Microsoft is providing continual information on the GDPR, which includes a shared 5-step plan to begin the journey to data compliance:
Identify what personal data you have and where it resides
Manage how personal data is used and accessed
Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches
Action data subject requests and keep required documentation
Analyse your data and systems, stay compliant, and reduce the risk of being fined
Other cloud-based CRM software vendors are working on ensuring their systems are going to be compliant in time.
If you have any doubts about your current CRM system, or you don’t have an existing CRM system at all, then contact us today to discuss your requirements. We can help you find the best solution to manage your customers’ personal data.
CRM, GDPR and You will be a series of articles designed to explore more of the issues and solutions surrounding data regulation changes.