When you are using CRM in business (or collect customer data in other ways), it is important to stay current on data protection laws. This month sees one of the most significant changes to European Union (EU) privacy law in 20 years go into effect: the General Data Protection Regulation (GDPR). This new regulation gives EU citizens greater control over their personal data and how that data is used and protected, both in Europe and abroad. What constitutes “personal data”? More than you might think. Under GDPR, “personal data” covers everything from name, email address, postal address, date of birth and personal interests to photos, digital footprints, social posts, and more.
GDPR will replace the long-outdated 1995 Data Protection Directive. The legislation imposes new and stronger rules on companies, non-profits, governments, and any other organization that provides goods and services to individuals in the EU. No matter where in the world you’re headquartered, if your company sells across any of the EU borders, you need to comply with GDPR.
GDPR impacts both domestic and international organizations, big and small. Any group that uses a database to store prospect or customer information simply cannot afford to ignore the new regulations. This means that if your organization sells to anyone in Europe and stores customer information in a customer relationship management (CRM) system—and nearly 90 percent of surveyed businesses do store that information in digital databases—you must be GDPR compliant or face significant consequences.
The 3 GDPR Considerations You Need to Know
GDPR is a fairly large and complex regulation, but it can be broken down into three main areas that businesses need to understand:
- The Regulation Itself: The GDPR is mainly intended to protect the privacy of EU citizens. The new regulations provide assurance for individuals that their data is not collected and/or used without their express consent. This means that any time an individual submits personal information, the company collecting it has to ensure that consent is given. Consent must be obtained freely—no auto-checked boxes that opt someone in—using plain and clear language. This will impact everything from “contact us” forms on your website to future email marketing campaigns.
- The Systems You Use: Not only will you need to audit your systems to ensure that information stored within is secured and consent has been given, you’ll also need to ensure that within your company, system users only have the permissions and access privileges they need for their specific role. Certain individual records and data fields, such as tax information or bank account numbers, may need to be restricted from your standard user access.
- The Legal Aspects and How They Affect You: Non-compliance is not cheap. Your organization could be fined up to 4 percent of annual global turnover or €20 million if you are not GDPR compliant. Other fines may also be imposed, such as a 2 percent fine for not having records in order, not notifying when a breach occurs, or not conducting an impact assessment.
CRM in Business … and GDPR Compliance
The good news is that while businesses are validating security and protection for their EU customers, those validation campaigns can do double duty: they remove disengaged contacts from CRM business systems, which in turn gives email marketing campaigns a spike in both open and click-through rates.
You can do this by running a permission pass campaign, a one-time email sent to any contact with an unverified opt-in status asking them to confirm whether or not they still want to receive your emails. Running this campaign on all your email contacts—not just the ones in the EU—not only keeps you compliant with GDPR, but also cleans your database of those who are no longer finding value in your content, leaving you with those who are much more likely to interact.
Asking contacts to confirm their opt-in status feels risky—what if they opt out?—but it is truly the best and safest way to clean your contact lists and comply with GDPR.
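As an added illustration of the permission pass described above (example code written for this article, not from any CRM vendor), the following shows how the campaign can be run against a CRM contact table: select contacts whose opt-in status is unverified, issue each a signed, expiring confirmation token, record consent with a timestamp when a valid token comes back, and suppress everyone who has not confirmed by the deadline. The contact records, status values, and `SECRET` key are constructed assumptions for the example.

```python
import hmac
import hashlib
import secrets

# Constructed sample CRM records; "opt_in" is the consent status the campaign acts on.
CONTACTS = {
    "c1": {"email": "ana@example.com", "opt_in": "verified"},
    "c2": {"email": "ben@example.com", "opt_in": "unverified"},
    "c3": {"email": "cai@example.com", "opt_in": "unverified"},
}
SECRET = secrets.token_bytes(32)  # assumed per-deployment signing key, kept server-side
CONSENT_LOG = []  # append-only record of who consented, when, and via which campaign

def select_permission_pass(contacts):
    """Contacts that must receive the one-time confirmation email."""
    return [cid for cid, c in contacts.items() if c["opt_in"] == "unverified"]

def make_token(cid, expires_at):
    """Confirmation link payload: contact id + expiry, bound together by an HMAC."""
    msg = f"{cid}:{expires_at}".encode()
    sig = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{cid}:{expires_at}:{sig}"

def confirm(token, contacts, now):
    """Validate a returned token; record consent only for a genuine, unexpired token."""
    try:
        cid, exp_s, sig = token.rsplit(":", 2)
        exp = int(exp_s)
    except ValueError:
        return False
    expected = hmac.new(SECRET, f"{cid}:{exp}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig, expected) or now > exp or cid not in contacts:
        return False
    contacts[cid]["opt_in"] = "verified"
    CONSENT_LOG.append({"contact": cid, "ts": now, "source": "permission_pass"})
    return True

def close_campaign(contacts, now, deadline):
    """After the deadline, suppress anyone still unverified so no further mail goes out."""
    if now < deadline:
        return []
    suppressed = [cid for cid, c in contacts.items() if c["opt_in"] == "unverified"]
    for cid in suppressed:
        contacts[cid]["opt_in"] = "suppressed"
    return suppressed
```

Running the pass over all contacts, not just EU ones, is just a matter of feeding the whole table to `select_permission_pass`; the consent log is what lets you later demonstrate when and how each remaining contact opted in.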
Safeguard Customer Privacy
With GDPR in full effect by May 25, 2018, now is the perfect time to comb through your CRM system and update data for compliance and better business returns. Not only will an up-to-date system keep you compliant, it also gives your company an extra measure of confidence in the accuracy of the data stored in your CRM.