The General Data Protection Regulation (GDPR) comes into force in May of this year. It is an EU regulation that has caused some concern in the business community, particularly as significant numbers of business owners don’t feel ready for it. Compliance is the key issue here: many businesses lack an understanding of how to make business systems, such as a CRM, compliant, and of the implications of this new, stricter approach to data. However, with new, much more stringent penalties coming into play with the GDPR, if you’re not GDPR ready then now is the time to take action.
Compliance with the GDPR requires a shift in attitude
For a long time, the business approach to data has been quite opaque and perhaps even a little careless. With the GDPR this is all set to change. Transparency and accountability are the new principles to follow, and consent has become a key issue, from consent to the collection of data in the first place to the withdrawal of that consent at a future date. For those using a CRM this presents a unique set of issues that need to be addressed to ensure that the business as a whole is GDPR ready.
Some key GDPR considerations
The new rules on consent. You must now have clear and informed consent when it comes to data access, and if you’re dealing with a minor then that consent needs to come from the appropriate adult. This change will have widespread implications for the way that businesses communicate with consumers. For example, if you’re using a CRM to market via email then the process of obtaining permission to send those emails may need to be adjusted.
Data shelf life. According to the GDPR, most businesses shouldn’t be holding on to personal data for more than the length of a product warranty period. So, data that just sits there gathering dust for decades could be seriously problematic for businesses going forward. In general, it depends on the individual business’s needs. However, now is a great time for those working with a CRM to reassess how long data within it is held and whether a new release and delete process might be required.
Data breach. It’s no longer possible to hide or disguise a data breach if this happens to your business. New rules mean that, once the GDPR kicks in this year, businesses will have just 72 hours to report a data breach. This could have a very wide range of implications for internal systems, from tightening up security to introducing new ways to identify and report any problems that arise.
Protected data. With the arrival of the GDPR, the range of data that has become protected is much broader than before. Everything from economic data to that which indicates cultural identity could trigger the provisions of the GDPR.
With the new rules in the GDPR come new penalties (e.g. fines of up to 4% of annual global turnover or €20 million) that mean it is crucially important to ensure your business is prepared for the GDPR this year. If you’d like to find out more about a CRM that is GDPR ready, please get in touch.