Protecting customer data should always be a top priority for businesses. But doing so is increasingly extending beyond moral responsibility and taking on the form of a legal requirement. As we all know, the General Data Protection Regulation (GDPR) took effect May 25. The set of regulations, which replaces the Data Protection Act 1998, legislates online data rights for any organisation that sells products or services to European Union (EU) customers.
Complying with these new rules can be daunting, particularly since there’s still a lot of confusion regarding the specifics of these new rules and requirements. But, if you can understand these five keys to customer data protection, it will go a long way toward helping your business achieve compliance.
Familiarise yourself with GDPR’s definition of personal data
If you find the new data laws perplexing, you’re not alone. About one-third of surveyed business owners said they were confused by the GDPR. In order to comply with the rules, you must first understand them—and that starts with GDPR’s definition of personal data.
Personal data protection is a key component to the legislation and one that’s crucial to fully comprehend. The GDPR broadly defines personal data as any information that can directly or indirectly identify a person. The lengthy list of personal data identifiers ranges from a person’s name and address to their workplace and appearance. Essentially, the definition includes any information that would directly identify a specific individual, or information that could indirectly pinpoint a person through a combination of data.
Much of the information you’ve recorded about individuals in your CRM is likely considered personal under GDPR. With this in mind, it’s critical to keep your CRM’s data secure, and ensure it’s managed in a compliant fashion.
Data usage and storage compliance
The right CRM can work wonders when it comes to complying with GDPR’s data usage and storage rules. As you probably know, new data protection principles require personal data to be used fairly, legally and transparently. It must also be collected for specific purposes – and used only for those specified purposes. Data must be deleted when it’s no longer being used for its initial, intended purpose.
It might sound overwhelming, but complying with this new set of usage and storage rules is perfectly manageable. A CRM can help small businesses track how users are logging and using information on file. It can also limit access for users to ensure they only have access to information that’s relevant to their specific roles.
Better still, small business-focused CRMs such as Act! allow users to store and clearly display individual data preferences, and keep tabs on when each file was recorded or edited. This helps small businesses to eliminate redundant data, and work with the most relevant files, all the while remaining GDPR compliant.
Of course, all the new requirements set forth by the GDPR would be meaningless without an effective accountability strategy. That’s why the GDPR has set a number of measures in place to ensure businesses demonstrate compliance.
Though the list of accountability requirements is lengthy, the right CRM can make it manageable. For instance, a CRM can help document compliance by securing data, offering built-in storage, and making files easily accessible. Though a CRM can’t address all the accountability requirements, it can certainly ease the burden for small businesses struggling to keep pace with the GDPR’s demands.
Getting the right CRM can help
Meeting the GDPR’s online data requirements can be challenging – particularly for small businesses with limited resources.
The right CRM can simplify the process in a multitude of ways. After all, the CRM and GDPR worlds are already intertwined. Both strive to prioritise customer needs, treat online data respectfully, and effectively manage customer information. A good CRM can simplify the GDPR compliance process by helping users track and edit data, log customer preferences and stay abreast of a customer’s changing needs or privacy preferences.
Understand where you should be right now in terms of readiness
GDPR took effect on May 25 and the Supervisory Authorities enforcing these new regulations understand that, especially for SMEs, there may be a bit of a learning curve along the road to compliance. In fact, a new study from Swiftpage revealed that while UK SMEs rate themselves on average at about a 7.3 on a 1-10 readiness scale for GDPR, nearly a third (32%) do not anticipate being GDPR compliant by the end of 2018, a full seven months after the deadline.
What should these companies do? The important thing is to begin taking action today and demonstrate that your business is making a good faith effort to achieve compliance sooner rather than later. Do the research to understand personal data, data usage, accountability requirements, etc. to show that you are moving toward GDPR compliance. Find and implement the right CRM solutions that can help ensure your customer interactions are GDPR compliant, and ask lots of questions along the way. If your company is taking meaningful steps toward GDPR compliance sooner rather than later, your business is right where it needs to be.
Proper customer data protection is essential to business success in 2018 and beyond. By centering your GDPR plan around the right CRM, you can save yourself a lot of headaches and handwringing and position your small business to safeguard its most important asset—its customer base.
About the Author
Lindsay Boullin is GM of Swiftpage International and Global Customer Success Leader. At Swiftpage, Boullin is responsible for Act! customer service globally as well as sales outside of the Americas. He previously held the title of VP of International Operations with Swiftpage. Prior to Swiftpage’s acquisition of the Act! (www.act.com) software solution, Boullin spent eight years with Sage Software, working with the Act! solution as well as other Sage products in the role of Senior Commercial Product Manager. Prior to that, he was an English law attorney for 10 years, specialising in data protection and information technology law.