GDPR: how a good CRM system can help you to comply

GDPR is without a doubt the star issue these days, given that all of us, companies of all sizes and sectors, public or private, must prepare to comply with it. Allow us to remind you once again that it comes into force on 25 May 2018 and that the cost of failing to comply with it is really high. The penalty could be as high as 20 million euros or 4% of the overall turnover, whichever is higher.

And we mean every business because GDPR aims to ensure the privacy of the data belonging to EU residents, providing greater control over what is done with our data. The truth is that, to a greater or lesser extent, every organisation around us handles third-party personal data.

Solutions such as SugarCRM are affected by the new regulatory framework, precisely because their “core” elements are related to handling personal data for marketing and sales activities. For manufacturers, the trust of their customers is paramount. This trust fuels their permanent investment in and approach to data protection.

Advanced customer relationship management solutions, such as SugarCRM, go beyond simply collecting data: they qualify leads, monitor opportunities, case resolution scripts, annual accounts plans and even customer journey maps.

The controller (any person or organisation that initiates the collection of personal data, either directly or indirectly) must ensure that the default option is to use only the personal data required for each specific purpose for which consent was given. This is an aspect we must not forget.

Therefore, mechanisms must be put in place to implement, automate and monitor standard procedures. Data are like the blood of the organisation and the CRM system is the heart that pumps it and allows it to flow to all the departments, supplying multiple parts of the business.

Let’s briefly explain the purpose of the GDPR. Its provisions ensure the right to be forgotten, to delete data, restrict its use, require the notification of safety breaches (limited in time: a maximum of 72 hours), rights regarding the transfer and portability of data, and transparency in the use of data. And besides all that, it requires the explicit consent of the owner of the data to be used.

The competitive advantage that SugarCRM provides

In a recent study by IDR Research España on the impact of the GDPR on Spanish businesses, we found that 36% of these see the new regulations as a competitive advantage or an opportunity to improve the efficiency of the governance of information and its security.

Having a single system to manage customer data is clearly an advantage because it helps with one of the most important points in the GDPR: provide transparent information, communications and methods so that the controller can comply with the rights of the party concerned from the beginning and over time.

From the moment data is collected, SugarCRM allows you to clearly identify how the permissions were obtained (even providing copies of documents and the corresponding date/time) and they are always linked, within the CRM system, to each specific individual.

In summary, this is the GDPR checklist:

1. Conduct an audit of personal data
2. Create a list of relevant processes for each type of data
3. Provide legal consent and usage documents
4. Initialize your CRM system to capture and document the GDPR processes
5. Implement the three first points in your CRM system
6. Schedule a continuous and updated process in your CRM solution to comply with the first three points
7. Design processes to cater for any eventual requests from the owners of the data
8. Establish internal notification and change processes.

And precisely, SugarCRM has been specifically designed for all of this.

A specific visual tool for compliance

We left an Ace up our sleeve for the end: In order to facilitate the implementation of the GDPR requirements, SugarCRM provides a visual tool to monitor compliance with the GDPR that supports the implementation of a sound methodology that is fully compatible with the GDPR. This visual process, divided into three major areas (data usage processes, customer requests, and notifications) is deeply integrated with the customer journey that we will have defined and is completely flexible, allowing the alteration or extension of each step or task to adapt it to the specific needs of each individual organisation.

If in your case, you should need external support or specialised advice, you can count on us to help you.