Your CRM system can be your best friend when it comes to complying with the new European Union (EU) privacy law. This May, the most stringent privacy laws in the past 20 years go into effect throughout Europe. Called the General Data Protection Regulation (GDPR), the new laws provide EU citizens with greater control over their personal data and how that data is used and protected, both in Europe and abroad. Personal data refers to a broad range of information including name, email, address, date of birth, photos, digital footprint, personal interests, social posts and more. The new law replaces the former 1995 Data Protection Directive.
Why the push for updated privacy rules? When the original Data Protection Directive (DPD) was issued in 1995, the internet was merely the purview of a small group of early adopters; cell phones weren’t the ubiquitous commodity they are now. All of these technological advances have made the old laws as obsolete as the telegraph line.
All companies, including for-profits and not-for-profits, fall under the new GDPR guidelines. The price for failing to comply with them can be severe. Even if your company is based in the United States, if you sell into the EU, you may be responsible for compliance with GDPR, too.
EU Privacy, Global Impact
GDPR has a widespread effect, impacting both domestic and international organizations, big and small. Any group that uses a database to store prospect or customer information simply cannot afford to ignore the new GDPR regulations. This means that if your organization sells to anyone in Europe and stores customer information in a customer relationship management (CRM) system—and nearly 90 percent of surveyed businesses do store that information in digital databases—you must be GDPR compliant or face significant consequences.
GDPR in Three Parts
A complex regulation such as GDPR may be difficult to break down into small parts, but the following three are the salient points to keep in mind.
- Intention of the regulation: The GDPR is mainly intended to protect the privacy of EU citizens. The new regulations provide assurance for individuals that their data is not collected and/or used without their express consent. This means that any time an individual submits personal information, the company collecting it has to ensure that consent is given. Consent must be obtained freely—no auto-checked boxes that opt someone in—using plain and clear language. This will impact everything from “contact us” forms on your website to future email marketing campaigns.
- Systems used: Not only will you need to audit your systems to ensure that information stored within is secured and consent has been given, you’ll also need to ensure that within your company, system users only have the permissions and access privileges they need for their specific role. Certain individual records and data fields, such as tax information or bank account numbers, may need to be restricted from your standard user access.
- Legalities: Non-compliance comes at a steep price. Your organization could be fined up to 4 percent of annual global turnover or €20 million if you are not GDPR compliant. Other fines may also be imposed, such as a 2 percent fine for not having records in order, not notifying when a breach occurs, or not conducting an impact assessment.
Updating Your CRM System to Comply with GDPR
Many companies now run validation campaigns. Your CRM system can be used as part of the validation campaign to assist you with GDPR compliance.
Using your CRM system, you can:
- Run a permission pass campaign, a one-time email sent to any contact with an unverified opt-in status asking them to confirm whether or not they still want to receive your emails. Running this campaign on all your email contacts—not just the ones in the EU—not only keeps you compliant with GDPR, but also cleans your database of those who are no longer finding value in your content, leaving you with those who are much more likely to interact.
- Suppress European-based customers from data intended for sharing. While not ideal, this may also keep European customers' data from reaching others and will help you adhere to the GDPR.
- Update privacy and data use policies. Now may be a great time to update your company’s privacy and data use policies and share them through your CRM system with your customer base.
It may feel risky to ask customers to validate their permissions. What if they say no? In the long run, however, you’re much better off ensuring adherence to GDPR and other privacy regulations by asking than by avoiding.
Emerald TC Consulting
Sage CRM can help you run a permission pass campaign to validate opt-in information and adhere to privacy laws. It’s a robust CRM system that integrates seamlessly with other Sage products including Sage 100. Contact us or call 678-456-6919 for more information.