By Mike Richardson, Managing Director EMEA, Maximizer Software
In the third of my series of blogs examining some common areas of confusion surrounding the EU General Data Protection Regulation (GDPR), I’ve chosen to focus on the role of technology within your compliance programme.
As a provider of CRM software, we are frequently asked by SME customers if the solution we have implemented for them is GDPR-compliant. This highlights a wider misconception about the role of technology in GDPR compliance.
Myth #3 – “Our data management solutions are GDPR compliant, so we are too.”
Rather than asking if a CRM is compliant, the more appropriate question should be: “How can our CRM help us achieve compliance?” And ideally: “How can it help us turn compliance into opportunity?”
As with any compliance initiative, your approach needs to be multi-faceted, encompassing people, processes and technology. In truth, getting your staff on board is the first step to implementing a successful change management project. Training, and if necessary appointing ‘data champions’ across the business, can help to build buy-in and embed the principles and vision of GDPR into the company’s mind-set even before you go about analysing processes and reviewing technology.
Simply put, you can splash the cash on all-singing, all-dancing information management tools but if your staff aren’t fully attuned to the new era of data protection and don’t follow the right procedures, technology will not save the day for you.
However, as long as you’re putting in the groundwork with your people and processes, technology solutions such as CRM do play a vital role in supporting compliance. For instance, the software offers the ability to pull together your organisation’s data into one central repository and to support the necessary auditing and indexing work; to automate data processing rules and manage preferences and opt-outs; and to integrate data management across other platforms such as an email system. This is an unmanageable task – not to mention highly risky from a compliance perspective – using traditional spreadsheets such as Excel.
Looking beyond legal obligations, there is a raft of commercial advantages to be gained from embracing the tighter data management rules with a positive attitude. For instance, using a CRM to gain full visibility of your data and to embark on a thorough data cleansing exercise will deliver immediate advantages for the sales and marketing team. How many companies’ customer engagement activities have been held back in the past by out-of-date or inaccurate customer information held in sprawling legacy databases? Tracking customer preferences and managing proactive opt-ins (and opt-outs) will give real insight into the interests and buying habits of your customer base and help to inform your future business strategies.
You will also need to establish from your CRM provider (and indeed all of your Software-as-a-Service providers) about the way they store your data. Data centre compliance will come under scrutiny by the regulator so check that your data is being held to strict GDPR standards, especially if that data is held outside the EU.
Let’s finish with the words of the regulation itself. The GDPR strongly emphasises that a blend of “technical and organisational measures” is necessary to achieve rigorous standards of data protection. Talk to your software providers and maximise any opportunities to bring efficiency and automation to your compliance processes, but don’t let technology eclipse the vital need to drive “organisational” change at all levels.
Next – Myth #4 – “We’ve got a mountain to climb.”