The EU General Data Protection Regulation (GDPR)
Changes to the governance of data have far-reaching consequences for your business. The new General Data Protection Regulation (GDPR) determines how your organisation does business, and particularly how it manages, protects and administers data in the future.
Is your CRM GDPR compliant?
Many systems claim they are GDPR compliant although they are yet to introduce new functionality specifically for the changes in regulations.
Here at FIVE CRM, we have invested in creating our own Personal Data Rights Management System, which is designed to provide organisations with the functionality needed to be GDPR compliant.
Our latest functionality includes:
Management of lawful reason information for every contact
The regulation states that every contact within your database must have a lawful reason for being there.
There are six allowable reasons:
1. You have consent from the individual
2. It is necessary for the performance of a contract with the individual, or to take steps towards entering into a contract
3. It is for the purposes of legitimate interests pursued by the controller or a third party
4. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
5. It is to protect the vital interests of a data subject or another individual
6. It is needed for compliance with a legal obligation
Ability to store extensive details for consent reason by channel and category
As well as a reason for storing a contact within a database, you must also have details as to which channel and category they would like to be contacted through.
Channels could include:
Categories could include:
> Pet Insurance
> Customer Service
Complete management of “Right to be Deleted”, including backups
If an individual asks to be deleted from your system you must do so within a month, and you must be able to give proof of the deletion.
GDPR and ePrivacy compliant email campaign management
All tracking of email campaigns will be against the new regulation; therefore you must be able to turn extensive tracking off.
“FIVE CRM have proven to be proactively working to make their CRM GDPR compliant on multiple levels”
SierraBravo Consultancy Ltd
What is it?
The General Data Protection Regulation (GDPR) is a new European ruling, which governs the data protection rights for all individuals within the European Union. It serves to strengthen and unify all data protection rules and practices across the EU.
What is changing?
GDPR will put the power back into an individual’s hands. They will gain the rights to access, amend, and restrict the personal data organisations have about them.
In the unfortunate event that an organisation suffers a data breach which could compromise the security of individuals’ personal data, those individuals must be told within 72 hours of the start of the breach.
Individuals also have the “right to portability”: the right to move their data and services to another provider with no hassle or strings attached.
The greatest change within GDPR is the way consent is granted. Consent must be knowingly and willingly given by the individual, with organisations making their intentions for data use clear. Soft opt-ins, implied consent, and hiding data policies within confusing T’s and C’s are all against GDPR rules.
Organisations must keep a record of why, when and how they were granted permission. There must also be details of what the individual was told at the time. If oral permission was granted, a script of what was said will work fine; call recordings are not essential.
Right to be forgotten
Individuals will have the right to retract consent at any time, and have the “right to be forgotten”, which means that if they request an organisation to delete their data, it should be done immediately. It must be deleted from all backups, and the organisation should have proof of the deletion.
Right of access
Every EU citizen will have the right to ask how an organisation is using their personal data, where it is used and why. They also have the right to request a digital copy of the data that is being held about them.
Right to object
All individuals will have a legal right to opt out of marketing communications. If an individual does opt out you must withdraw them from that activity immediately.
“There’s a lot in the GDPR you’ll recognise, but make no mistake, this one’s a game changer for everyone.”
ICO Information Commissioner
Who does it apply to?
The new regulation will apply to any organisation around the world that deals with EU residents. While there is a possibility this may change, it currently applies to both B2B and B2C.
What will you be able to do?
You can still call and email organisations, as generic organisational contact details are not personal data.
The EU and the ICO have not yet made clear whether you can contact potential clients through social media platforms.
Take action now!
You must be compliant with this regulation by 25th May 2018; otherwise you could face penalties of up to €20 million or 4% of your company’s worldwide annual turnover (whichever figure is greater).
Want to know how GDPR compliant your organisation is? Take our quiz.