If you sell product in the European Union (EU), you need to prepare for the new General Data Protection Regulation (GDPR). The GDPR, which goes into effect on May 28, 2018, is one of the most significant changes to EU privacy law in 20 years.
The GDPR replaces the 1995 Data Protection Directive that was in place long before the full impact of the internet was felt in business. With all the technological advances since that time, the EU created the GDPR to impose stronger regulation on companies and others that provide goods and services to people in the EU. The GDPR provides citizens of the EU protection over their personal data including name, address, date of birth, personal interests, photos, digital footprints, social posts, and more.
Global Businesses are Affected
GDPR has a widespread effect, impacting both domestic and international organizations, big and small. Any group that uses a database to store prospect or customer information simply cannot afford to ignore the new GDPR regulations. This means that if your organization sells to anyone in Europe and stores customer information in a customer relationship management (CRM) system—and nearly 90 percent of surveyed businesses do store that information in digital databases—you must be GDPR compliant or face significant consequences.
3 Things You Should Know about GDPR
GDPR is a fairly large and complex regulation, but it can be broken down into three main areas that businesses need to understand:
- The Regulation Itself: The GDPR is mainly intended to protect the privacy of EU citizens. The new regulations provide assurance for individuals that their data is not collected and/or used without their express consent. This means that any time an individual submits personal information, the company collecting it has to ensure that consent is given. Consent must be obtained freely—no auto-checked boxes that opt someone in—using plain and clear language. This will impact everything from “contact us” forms on your website to future email marketing campaigns.
- The Systems You Use: Not only will you need to audit your systems to ensure information stored within is secured and consent has been given, you’ll also need to ensure that within your company, system users only have the permissions and access privileges they need for their specific role. Certain individual records and data fields, such as tax information or bank account numbers, may need to be restricted from your standard user access.
- The Legal Aspects and How They Affect You: Non-compliance is not cheap. Your organization could be fined up to 4 percent of annual global turnover or €20 million if you are not GDPR compliant. Other fines may also be imposed, such as a 2 percent fine for not having records in order, not notifying when a breach occurs, or not conducting an impact assessment.
Using Your CRM for GDPR Compliance
The good news for businesses is that while they are validating security and protection for their EU customers, validation campaigns can also do double duty by removing disengaged contacts from CRM systems, which gives email marketing campaigns a spike in both open and click-through rates.
You can do this by running a permission pass campaign, a one-time email sent to any contact with an unverified opt-in status asking them to confirm whether or not they still want to receive your emails. Running this campaign on all your email contacts—not just the ones in the EU—not only keeps you compliant with GDPR, but also cleans your database of those who are no longer finding value in your content, leaving you with those who are much more likely to interact.
Asking contacts to confirm their opt-in status feels risky—what if they opt out?—but it is truly the best and safest way to clean your contact lists and comply with GDPR.
Accounting Systems, Inc. (ASI)
Ensure your CRM systems are up to date and ready for the May 25, 2018, roll-out of GDPR. ASI offers consulting services to help you implement best practices in every facet of your business, including CRM implementation. Let us help you meet the demands of international business. Contact us to set up a time to discuss your needs.