Every successful sales organisation relies on a solid CRM-system in order to build and sustain client relationships.
The CRM-system contains all individual client data that defines that clients relationship with your company. What kind of information they are interested in, which method of contact they prefer and what the client appriciates in service from you.
This individual knowledge builds warmer relationships and can scale up within the system and makes it possible to sort out your sales and marketing actions.
What is the use of sending a catalouge to a client that has said they want everything sent digitally? What is the point of an invitation to play golf if the client does not play?
By now, you are surely aware of the new data protection legislation that will be in place the 25th of May 2018. GDPR replaces PUL and when learning more about GDPR it is high time to reflect over what it will mean for your work with CRM. So – what will rule?
Is it still allowed to secure individual data?
Yes. And no. Let’s sort that out a bit later.
First – this is GDPR
GDPR (General Data Protection Regulation) is valid within the EU.
In Sweden GDPR replaces ”personuppgiftslagen” or PUL, which was established in 1998 and has evolved much since then. This, of course, because of the rapid evolution in technology. When complex information can be carried around in a smartphone the need of information security increases, so that we can be comfortably secured in how information about us is handled.
Personal Data is defined as all data that can contribute to the identification of an individual person. Tech data, like for example an IP-address, is also included as well as any information that can collected over time.
Does this sound terribly hard and troubling?
Sure – the introduction of GDPR will demand more, but there is also a potential pot of gold waiting at the rainbow’s end.
The introduction of GDPR will harmonise the EU market in a way that PUL and it’s European counterparts can’t. There is too much differences between the different countries legislations. This is very positive considering that data, and by that businesses, rarely stays in one country. A smartphone obviously never know where it is and your business proposal flows over borders through your webpage or e-commerce platform.
Let us point out the crucial parts regarding how GDPR will affect your work with CRM:
- Number one: it is your responsibility as a company to secure the personal data you store. What does that mean in practice? Here are some guidelines;
- Communication: you must secure an unambiguously consent from the individual you are collecting data about before you start collecting. It must be clear in which context the collected data will be used and for how long it will be saved. The collected information is then allowed to use in that context only. Supplier/client agreements is perhaps a good example of an additional context where some personal data needs to be used.
- Portability: the client must have access to their data to be able to change supplier.
- Deletion: the client must be able to ask you for full deletion of their personal data at any time, and you must comply.
- Access: the client must be able to access the personal data you have collected about the client.
- Correction: the client must be able to have their data easily updated.
- Marketing: the client must be able to opt out all directed marketing based on your individual knowledge about the client.
So – what do you need to do in order to comply?
Here are some helpful tips:
- Make sure you fully understand all aspects of the information you are gathering from your cients. Define and decide which information is relevant and disconnect information that is not. Limit yourselves to the kind of information that is really important to you. Just because your CRM-system offers a lot of options, you are not obligated to use them. Less is less.
Avoid free text functions, because they are naturally harder to restrict.
- Automate your processes for updating and deletion of data and set up rules. You must offer clients deletion of their data, and that sometimes sounds easier than it is. Set up an expiration date for collected data based on your client lifecycle. When a client is no longer active, the information can be erased at a given time.
- Manage security protocols. Think in terms of customized permissions and make use of available IT-technology around two-factor authentication. When one of your employees leave it must be easy to remove this person from the CRM-system and shut all entrypoints – both mobile and stationary.
- Document your processes that applies to your clients, everything from lead generation to inactive accounts – which data is handled and to what purpose?
- Work with ongoing improvements and make sure your processes is in sync with your business processes.
Great Group in co-operation with Koneo and Glimstedt lawfirm offers complete consultation support regarding GDPR and Sales.
Contact us for further information.