What You Need to Know About GDPR Compliance
Now is the time to ensure your company complies fully with GDPR
If you haven’t heard about GDPR, now is the time to read up on it and ensure that your company complies fully with the new regulations. GDPR provides a comprehensive update of European Union data collection, storage, and usage laws and is the biggest change to these laws since 1995.
In the past two decades, data collection, usage, and storage has undergone a revolution akin to moving from spinning wheels to the mass manufacturing of cloth; in other words, it is a Data Revolution, similar to the Industrial Revolution. Back in 1995, cell phones were just that—phones—and the only way to connect to the internet was through a cumbersome, squealing thing called dial-up that ran through (gasp) an actual telephone line. People didn’t think too much about their data. The worst thing that could happen was an onslaught of junk mail from your data shared to other companies.
Today, the world is quite a different place. We leave data footprints every time we log into our cellphones, laptops, tablets, or other devices. Our likes, dislikes, preferences, ideas, family, and friends are all tracked through keystrokes and breadcrumbs.
The new General Data Protection Regulation (GDPR) provides EU citizens with greater control over their personal data and how that data is used and protected, both in Europe and abroad. In this case, “personal data” can refer to everything from name, email, address, date of birth, personal interests, photos, digital footprints, social posts, and more.
“So what?” you may be thinking. “What does that have to do with me? My company is based in Canada.”
That may be true, but if your company conducts business with anyone in the EU, GDPR applies. The penalties for noncompliance are stiff and range from warnings to millions of dollars in fines. It is vitally important that companies worldwide understand and comply with GDPR.
Fortunately, most businesses already have a tool in place to comply with GDPR: their CRM systems.
Considerations for Compliance
GDPR is a complex law. For most companies that do not actively seek or conduct business in the EU, three areas cover the gist of the law.
- Regulations: The GDPR is mainly intended to protect the privacy of EU citizens. The new regulations provide assurance for individuals that their data is not collected and/or used without their express consent. This means that any time an individual submits personal information, the company collecting it has to ensure that consent is given. Consent must be obtained freely—no auto-checked boxes that opt someone in—using plain and clear language. This will impact everything from “contact us” forms on your website to future email marketing campaigns.
- Systems: Not only will you need to audit your systems to ensure that information stored within is secured and consent has been given, you’ll also need to ensure that within your company, system users only have the permissions and access privileges they need for their specific role. Certain individual records and data fields, such as tax information or bank account numbers, may need to be restricted from your standard user access.
- Legal Impact: Noncompliance is not cheap. Your organization could be fined up to 4 percent of annual global turnover or €20 million if you are not GDPR compliant. Other fines may also be imposed, such as a 2 percent fine for not having records in order, not notifying when a breach occurs, or not conducting an impact assessment.
Updating CRM for GDPR Compliance
You can use your CRM system to validate security and protection for EU customers. A permission pass campaign is a one-time email sent to every contact with an unverified opt-in status, asking them to confirm whether or not they still want to receive your emails; it is a great first step toward GDPR compliance. Running this campaign on all your email contacts, not just the ones in the EU, not only keeps you compliant with GDPR but also cleans your database of those who no longer find value in your content, leaving you with contacts who are much more likely to interact.
Set up your CRM system with the appropriate message and response mechanism and send to all customers, not just those in the EU. Ask everyone to confirm their permission on your list now and save the records to prove that you ran this important compliance step.
Although it may feel risky to run a permission pass or opt-in validation campaign, it is a simple move that could go a long way to help your company comply with GDPR.
For more information about using your CRM system to comply with GDPR or to learn more about Sage CRM, please visit IWI Consulting Group or call 1-866-916-3851.