Organisations that have a customer relationship management (CRM) system in place will be well-versed in handling large volumes of personal data, and – in theory – prepared for the EU General Data Protection Regulation (GDPR). They will be used to keeping names, email addresses and dates of birth secure, and updating information when it’s out of date, which are central to GDPR compliance.
However, there is a lot more to compliance. Even the most disciplined organisations have had plenty of work to do, and with the Regulation taking effect on 25 May 2018, time is running out for those that haven’t started.
Organisations need to be prepared for the GDPR’s expanded definition of personal data. They also need to follow new rules for collecting personal data, go to greater lengths to keep that data secure and make sure they have a system in place to cope with individuals’ strengthened rights regarding access to and rectification or erasure of their data.
Failure to meet these requirements (or the many others in the Regulation) could lead to severe disciplinary action, including fines. As such, it’s paramount that organisations’ CRM systems are equipped to meet the GDPR’s compliance requirements. This isn’t as simple as adding components to your existing CRM system, though. The Regulation emphasis the need for privacy by design, meaning your system needs to be overhauled, addressing security at the outset of the project.
Some CRM software providers have already redesigned their systems in preparation for the GDPR, but it’s important to check that yours meets the GDPR’s compliance requirements fully and that you know what to do. This includes:
- Documenting the lawful basis for processing personal data;
- Ensuring that data is only kept for as long as it meets that basis;
- Ensuring that data is accurate and up to date; and
- Sectioning off sensitive data so that only approved personnel can access it.
As you prepare for the Regulation, remember that compliance shouldn’t be viewed as a bureaucratic burden. The GDPR and CRM both focus on developing trust between organisations and individuals, and compliance with the GDPR will lead to a stronger relationship with your clients and a more efficient CRM.
Learn more about the GDPR
The GDPR will lead to widespread changes across your organisation, so it’s important that you know what needs to be done. EU GDPR – A Pocket Guide will help you gain a clear understanding of the Regulation. Written by Alan Calder, IT Governance’s founder and executive chairman, this book explains:
- The terms and definitions used in the Regulation;
- The most important compliance requirements; and
- How organisations can comply with the GDPR.