The deadline was given back in May 2018, and every person in the land was talking about it. We were all feeling rather overwhelmed and, dare we say it, fed up of hearing about it.
Memes and GIFs were created in the thousands but we’ve got to admit, since the 25th May 2018, our inboxes have never been cleaner.
Hobut recently discussed what GDPR was, what we were to expect and what was needed to prepare for it, not forgetting the warnings of many thousands of pounds in potential fines for not being compliant (up to 4% of turnover).
In short, the new rules mean individuals have:
The right to access – the right to request what data is held and how it is held;
The right to be forgotten – customers have the right for their information to be deleted;
The right to data portability – customers can request their details to be transferred from one provider to another;
The right to be informed – customers must be informed prior to information being collected;
The right to have information corrected – customers have the right to correct information if it is out of date, incomplete or incorrect;
The right to restrict processing – this means customers can ensure their data is held but not used;
The right to object – customers have the right to have their data stopped from being used for direct marketing, and any such request must be acted on immediately.
Manufacturing businesses are now looking at ways of capturing data and following different strategies of acquiring customers. No longer can you collect masses of business cards to add to your database or search people on the internet and store their data with the intention of prospecting them.
So, what can manufacturers, or any company for that matter, do to stay compliant and maintain a healthy CRM system?
1. Collection of data. Your company policy will dictate what the systems need to do to support your compliance position. Simply having a CRM system that just collects personal data doesn’t make it compliant. If your policy states that you only need name, address, and email information to carry out the required management/service to your customers then your CRM needs to be configured so that this is all it is able to store. Your CRM should then not allow users to enter personal details such as age, marital status etc. If it does allow this information to be stored, then the CRM system is not compliant because it is not following the policy which has been defined around the agreed business need.
Then there is the additional key information such as emails, transactional history, orders, enquiries and previous conversations etc. to consider. All users of the CRM system need to be informed and trained on the implications of GDPR and the use of the CRM system. A CRM system will hold records about individuals you sell to. It is important you can identify where, when and how the record got into your system. Typically, the ‘Source’ field of a Lead or Customer record is going to answer that question.
2. Marketing via Email. If you use your CRM system to market via email, then you need to implement an opt-in process for gaining permission to email that individual, stating when you gained that email address for your list and what you intend to do with that address. E.g. if you get the individual’s details about Product A and then start emailing them about Product B, this could be deemed a breach of GDPR. With a double opt-in, not only has a user subscribed to a newsletter, mailing list or other email marketing messages by explicit request, but he or she has also confirmed that the email address is their own in the process.
3. Duration of records. How long can a CRM hold a person’s data? The GDPR legislation has rules around the policies, which mean that, depending on your specific business needs, there may be limitations on the extent of this data, the length of time it may be reasonable to hold this data etc. The legislation indicates that, say, beyond a product warranty period there would be no reasonable need for a company to retain that person’s data. Your policy would need to state a case as to why a longer retention period is appropriate. However, with just the subject area of emails, there is complexity. Does this include all emails a person has simply been copied on? If emails are stored in CRM, then there is the double issue of managing this whole area in both your email service and CRM.
4. Backup of Data. There is also the consideration of backups and archiving. For example, if you are using an online hosted instance of a CRM, you need to understand what the archiving and backup processes of that online system are, so that if your policies state that you will delete any records of a certain nature that are greater than N years old, then that can be done, and you know that it will be carried through the backups and archiving taking place with your online instance.
5. The right to be forgotten. When it comes to an individual requesting an update of their information, a report of what information you hold on them, or the right to be forgotten, your policies need to define the requirements that your system needs to be able to support. Clearly, good data quality is going to be an even greater requirement for GDPR than it has been to date to simply make CRM work efficiently. When such requests are made, high quality data will make it easier to ensure you identify the right person and that that person only has one record in your system. Therefore, any actions required can be carried out in confidence, knowing that if a person simply requests not to be contacted, i.e. unsubscribes, there is only one record, so they will not receive further communications because of a duplicate entry in the CRM that was missed.
6. Review your users’ access rights – look at all your users and which access rights they have to your CRM system. Good CRM systems will allow different levels of user access to be defined – who can see what information, change it or delete it.
For smaller companies, one option is to consider outsourcing your sales and marketing and CRM to a company like Virtual Assistant Agency.
Companies like these are a great way of taking the pressure off – for example, by:
1. Allowing them to go through the laborious task of cleansing your data. Do you have the right information on file? Is your contact still happy to receive information from you? Having clean, up-to-date data means that you will be more efficient, and your end result will be more successful.
2. Allowing them to generate sales leads for you, as an extension to your sales team, so that you can concentrate on your conversion.