GDPR and Your CRM: Preparing for the New Regulations
One of the most significant changes to European Union (EU) privacy law in 20 years goes into effect this May. The new General Data Protection Regulation (GDPR) provides EU citizens with greater control over their personal data and how that data is used and protected, both in Europe and abroad. In this case, “personal data” can refer to everything from name, email, address, and date of birth to personal interests, photos, digital footprints, social posts, and more. GDPR will replace the 1995 Data Protection Directive that was formed long before web technology matured, and before clouds were anything other than meteorological phenomena.
With all the new technological advances, it was time to update legislation from the Data Protection Directive, giving birth to the GDPR. This new legislation imposes new and stronger rules on companies, non-profits, governments, and any other organization that provides goods and services to individuals in the EU.
If you sell internationally, this means your business, too.
GDPR has a widespread effect, impacting both domestic and international organizations, big and small. Any group that uses a database to store prospect or customer information simply cannot afford to ignore the new GDPR regulations. This means that if your organization sells to anyone in Europe and stores customer information in a customer relationship management (CRM) system—and nearly 90 percent of surveyed businesses do store that information in digital databases—you must be GDPR compliant or face significant consequences.
3 Big GDPR Considerations
GDPR is a fairly large and complex regulation, but it can be broken down into three main areas that businesses need to understand:
- The Regulation Itself: The GDPR is mainly intended to protect the privacy of EU citizens. The new regulations provide assurance for individuals that their data is not collected and/or used without their express consent. This means that any time an individual submits personal information, the company collecting it has to ensure that consent is given. Consent must be obtained freely—no auto-checked boxes that opt someone in—using plain and clear language. This will impact everything from “contact us” forms on your website to future email marketing campaigns.
- The Systems You Use: Not only will you need to audit your systems to ensure that information stored within is secured and consent has been given, you’ll also need to ensure that, within your company, system users only have the permissions and access privileges they need for their specific role. Certain individual records and data fields, such as tax information or bank account numbers, may need to be restricted from your standard user access.
- The Legal Aspects and How They Affect You: Non-compliance is not cheap. Your organization could be fined up to 4 percent of annual global turnover or €20 million if you are not GDPR compliant. Other fines may also be imposed, such as a 2 percent fine for not having records in order, not notifying when a breach occurs, or not conducting an impact assessment.
Updating CRM for GDPR Compliance
The good news for businesses is that, while they are validating security and protection for their EU customers, validation campaigns can also do double duty by removing disengaged contacts from CRM systems, giving email marketing campaigns a spike in both open and click-through rates.
You can do this by running a permission pass campaign, a one-time email sent to any contact with an unverified opt-in status asking them to confirm whether or not they still want to receive your emails. Running this campaign on all your email contacts—not just the ones in the EU—not only keeps you compliant with GDPR, but also cleans your database of those who are no longer finding value in your content, leaving you with those who are much more likely to interact.
Asking contacts to confirm their opt-in status feels risky—what if they opt out?—but it is truly the best and safest way to clean your contact lists and comply with GDPR.
Privacy is important to all of us, both personally and professionally. Ensure that your CRM systems are up to date and ready for the May 25, 2018, roll-out of GDPR. Acumatica and Sage Software Select business partner Mindover Software offers consulting services to incorporate best practices for every facet of business, including CRM implementation and updates to accommodate GDPR and any other regulation that comes along. Let us help you meet today’s international business demands and prepare you for future success. Contact us today to get started.