One of the most sensitive data pipes in every big organization is the CRM (Customer Relationship Management), which contains all of the private information of both the company and its clients.
The General Data Protection Regulation (GDPR) is a new regulation affecting how businesses can collect and handle the personal information of EU citizens.
Even if your business isn’t based in the EU, you’re still responsible for complying if you collect and process data of EU citizens. Here’s an overview of the 8 rights GDPR grants people in relation to their personal data:
- The right to be informed about their personal data being collected and how it’s used.
- The right to access all personal data a business may have about them.
- The right to rectification — Ability to correct inaccurate or incomplete personal data.
- The right to erasure — It must be possible to easily and securely delete their personal data at their request.
- The right to restrict processing — Individuals must be allowed to block processing of certain personal data.
- The right to data portability — Individuals must be allowed to obtain and use their own personal data.
- The right to object — Individuals have the right to refuse direct marketing and processing of their personal data.
- The right not to be subject to automated decisions — Individuals can request and receive human intervention rather than relying on algorithms for important decisions.
As you can see, these 8 rights have an impact on how you collect data and use it within your CRM system.
Obtaining Proper Consent
GDPR mandates that you must have a “lawful basis” to process personal data. Lawful basis covers a lot of areas, but for marketers the main point is to obtain proper consent from their audiences before collecting and using their data.
If your CRM system helps you collect data on contacts as well as organize/analyze it, it needs to be able to create GDPR compliant opt-in forms. When someone creates an account with your business or offers up information in exchange for a lead magnet, they need to be able to actively check a box confirming that they consent to your use of their data. The form should also explain clearly why you need the data and what you plan to use it for.
If you use a tool like HubSpot or Salesforce, it should be fairly easy to meet this requirement using custom fields on your signup forms. You can create your own checkboxes and customized text explaining your processing reasons.
Make sure whatever CRM you use has a system for recording consent, when and how you got it, and any updates that are made to consent information. You should be able to see and verify that consent was obtained for individual contacts in your database.
For instance, HubSpot’s CRM has features that make it possible to record, within the CRM, the legal basis for processing a contact’s data.
Under GDPR, your contacts also have the right to change or withdraw their consent after it has been given. There must be an intuitive way of doing this that doesn’t require them to contact your customer support. That’s where subscription management features come in.
Your email messages should include options for recipients to unsubscribe and/or manage their subscription. This should take individuals to a portal where they can select/deselect what kind of marketing content they want to receive. Microsoft Dynamics, HubSpot, and other top CRM tools should offer unsubscribe and email preference features that meet this need.
That said, for many businesses, email isn’t the only marketing channel you’ll manage with your CRM. Contacts should be able to opt in or out of different forms of communication (email, phone, SMS, etc.) as well as specific marketing messages.
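The consent record this section describes (when and how consent was obtained, every later update, and per-channel opt-in or withdrawal) can be modelled as an append-only ledger. This is an added example, not code from any CRM named above; the class, field, channel and source names are hypothetical and the sample contact is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

CHANNELS = ("email", "phone", "sms")  # assumed channel names


@dataclass(frozen=True)
class ConsentEvent:
    contact_id: str
    channel: str       # one of CHANNELS
    granted: bool      # True = opt-in, False = withdrawal
    source: str        # how it was captured, e.g. "signup_form"
    purpose: str       # the processing reason shown to the contact
    at: datetime       # when it was captured (UTC)


class ConsentLedger:
    """Append-only log: changes are new events, never edits, so history stays verifiable."""

    def __init__(self):
        self._events = []

    def record(self, contact_id, channel, granted, source, purpose, at=None):
        if channel not in CHANNELS:
            raise ValueError(f"unknown channel: {channel!r}")
        event = ConsentEvent(contact_id, channel, granted, source, purpose,
                             at or datetime.now(timezone.utc))
        self._events.append(event)
        return event

    def history(self, contact_id):
        """Every consent change for one contact, oldest first."""
        own = [e for e in self._events if e.contact_id == contact_id]
        return sorted(own, key=lambda e: e.at)

    def may_contact(self, contact_id, channel):
        """Latest event for the channel wins; no event at all means no consent."""
        latest = [e for e in self.history(contact_id) if e.channel == channel]
        return latest[-1].granted if latest else False


def demo():
    # Constructed sample: opt-in at signup, then an email-only withdrawal via a portal.
    day = lambda d: datetime(2018, 1, d, tzinfo=timezone.utc)
    ledger = ConsentLedger()
    ledger.record("c-1", "email", True, "signup_form", "monthly newsletter", day(1))
    ledger.record("c-1", "sms", True, "signup_form", "delivery alerts", day(1))
    ledger.record("c-1", "email", False, "preference_portal", "monthly newsletter", day(9))
    return ledger, {ch: ledger.may_contact("c-1", ch) for ch in CHANNELS}
```

Because withdrawals are recorded as new events instead of overwriting the opt-in, the ledger can still show that consent existed for the period before it was withdrawn.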
Data Management Features
To gain GDPR compliance, you’ll likely need to make a lot of changes to your contact database. A CRM with the right data management features can help you save a lot of time in this process.
After evaluating what personal data you have, you need to make changes to record where the data came from, your legal basis for having it, and what it will be used for. Instead of making these changes by hand with individual contact cards, you should be able to create rules to bulk update your records.
GDPR also requires that individuals have the right to request access to their data. Your CRM software needs to have features that make it possible to quickly export contact data when they ask for it. Check your CRM to see if it has data export features so you can download information from your customer database. You should be able to export the personal data of individual people to CSV files that you can send out at their request.
GDPR goes into full effect in May, but many businesses and data management tools are scrambling to ensure they meet regulatory guidelines. Rather than wait around until regulators start punishing businesses for noncompliance, it’s better to be proactive and take necessary steps today. Look into a CRM solution that is fully compliant with GDPR requirements to ensure you have the right and ability to properly manage personal data.