The abbreviation GDPR is currently causing great disquiet and concern within German and European commerce. It stands for the General Data Protection Regulation, and its implementation is every bit as complicated as the concept itself. The new requirements are very confusing and threaten costly sanctions should even a small error occur. Furthermore, time is now short, because all companies must comply with the new guidelines as early as 25 May 2018. It is therefore important to review all internal processes and if necessary, adapt them to meet the new requirements. Where companies use a CRM system to manage their customer data, this should be the primary focus. Because this is the central location where all customer data is stored, this software is the kind of area that will be particularly affected by the changes.
Seamless documentation of all processes
A very important point made by the new regulation is that the burden of proof for the proper handling of data lies with the company. It is therefore not enough just to handle your customer data carefully, in accordance with the regulations. In addition, you must also be able to prove this has been done. Therefore, it is necessary for your CRM system to document all processes related to personal data. For example, if you create a new record, the software must note the date it was created. This feature is already available in some programs, so you just need to enable it. If this is not the case with your present CRM system, it’s important to install a suitable plug-in in good time. In addition, it may also be necessary to adapt current workflows to capture all the details that will be required.
Inform customers about data collection
The obligation to inform is now an important part of GDPR. When you collect a customer’s information, you must immediately inform him about how it will be used. Simple operations, such as lead generation, already oblige companies to give precise information about the nature, scope and purpose of data storage. In addition, if you want to save such data, this is only allowed once the customer’s explicit consent has been obtained. Therefore, you are obliged to include a suitable procedure for this purpose – for example, a double opt-in confirmation. It goes without saying that you must also archive these consents in order to fulfil your obligation to provide evidence. Again, your CRM system should provide the necessary functions. You also need to record which communication channels – such as email, phone or mail – that the customer has specified for contact and be sure to follow these instructions.
Right to information, correction or deletion of data
The new law gives your customers the right to obtain information about storage of their data, at any time. They may enquire about the purpose of processing, the method of data acquisition, the location where data capture occurs and the period of data storage. In order to be well prepared for these requests, it is important to ensure your CRM system can collate all the information it holds about a customer. This requires a feature that automatically creates a PDF document that you can print and hand out in seconds. In addition, customers have the right to have their personal data changed or deleted at any time, so your CRM system must also be optimized to carry out this task.
Beware of data storage in the cloud
Special care should be taken when your CRM system stores customer data in a cloud. In that case, you must check that your provider complies with the relevant regulations. In general, it is therefore recommended to choose a cloud server within Europe. Here, the operator is subject to the same data protection laws, so it can be assumed they also comply with all regulations. Alternatively, you can retrofit your system in order to save the data on your own company server, thus ensuring you are able to comply with the regulations. In addition to the new GDPR obligations described in the above paragraphs, there are also many other new requirements for your CRM system, so it’s very important to conduct a timely check to see whether it can provide all the necessary functions, and make any adaptations as required.
This article was originally published on LinkedIn.
