Post by Gary Hibberd | 

As most of us recognise, protection of data is pretty important. It’s important to us, our suppliers, clients and customers. But the laws governing data protection have been slow to keep up with the changes in the way data is created, shared, stored and managed. This is all about to change, and its change comes in the form of the EU General Data Protection Regulation (GDPR) which comes into force on the 25th May 2018.

Now before we get into any kind of detail, don’t stop reading here because you’ve seen the letters ‘EU’. This is not JUST about organisations based in the EU. The GDPR applies to processing of data by organisations that are based in the EU, and it also applies to organisations outside of the EU that offer services or good to people who are registered as EU citizens. This means that if you sell to, work with, supply to or employ anyone who is an EU citizen, then you need to consider the impact that the GDPR might have on you and your organisation, irrespective of your location on the planet.



A Good Data Protection Regulation

This is a good regulation because it takes into account the needs of the individual rather than some vague concept of ‘data’. The regulation is far reaching because it needs to be. Organisations will need to demonstrate how they are acting fairly and treating data with the respect it deserves. The principle of ‘accountability’ is a central theme of the GDPR, and organisations that can’t demonstrate that they are taking appropriate measures to protect personal information may find themselves suffering considerable reputational and financial damage, with fines which can be as high as 4% of global turnover or €20 Million (whichever is greater).



A Good Customer Relationship Manager

The GDPR requires organisations to look carefully at the data it holds and through its six principles, consider the ways that personal information is being held. If you don’t use a CRM solution, but rather rely on a disparate set of tools to manage customer data, then you’re going to have to review how each operates and how you can demonstrate compliance for each system.

A good CRM system puts you in control of the data, and gives you full view of it, which is part of the first principle of the GDPR – i.e. there is transparency about the use of data. A CRM system should allow you to identify and record the source of the data, what the legitimate purpose/use of that data is based on ( consent, contractual obligation, legitimate interest), and when that record was created. The ability to know when the record was created is important as it ensures you don’t hang-on to data for longer than is necessary (Article 5(b)). This also leads us on to one of the fundamental rights that individuals have, which is the ‘Right to Erasure’ (Article 17) also known as the ‘Right to be forgotten’. Should a data subject make such a request, it would be difficult to exercise without there being a CRM solution in place, which would mean you could be in breach of the GDPR.

For those wishing to market to individuals, then having the data in a structured format, which is controlled and understood means that you are less likely to make mistakes when conducting email marketing campaigns.

All this said, it’s worth remembering that the GDPR is not intended to put up barriers to business, but rather asks that businesses understand what data it holds, why and how it is controlled. Without a CRM system, it would be difficult, for instance, to be able to demonstrate that someone has opted ‘in’ or ‘out’ of marketing campaigns.



Does CRM equal GDPR Compliance? No.

A good CRM system enables you to easily demonstrate that you are in control of the data you hold, that it is being managed effectively; and should the need arise, it can be updated, corrected or removed quickly and easily. These are fundamental rights of data subjects and requirements of the GDPR.

It’s important to note that there is a lot of work to do around the GDPR. It’s not all about buying a CRM solution and thinking it will address all your GDPR needs. But without a CRM in place, it is difficult to imagine how you can demonstrate that you are in control of your customer data. The quickest and simplest route to ensure that your data is managed effectively is by using a structured CRM system.

I believe the GDPR is all about ‘Giving Data Proper Respect’, and if that’s true, then having a CRM system simply means ‘Clients Really Matter’.