Presentation Slides on GDPR – why it matters and how to make it easy

   Words by CRM Consultancy

   on 25/05/2018 13:00:00

Over the last few months we have presented on GDPR a few times to discuss the wider reasons and principles involved in the new regulations. These notes may be helpful to anyone looking for a summary of GDPR and further resources on the details.

The notes behind the presentation are below, and they form a companion piece to our article for GDPR – what it's really about.

Introduction

CRM has focused on User Adoption and Business Alignment; however, technology is rewriting the rules.

This brings new opportunities but also new responsibilities for conduct in the Data Economy – notably the introduction of GDPR.

We will illustrate why the ethos behind GDPR will sit at the heart of the new relationship we will have with the customer, and how to realise the opportunity in having a customer-centric approach to our business.

Why is GDPR here?

Don’t think of GDPR as simply a new regulation or awkward rules to follow – but as a change in the direction of travel to both prevent abuses, and to start putting customer data at the heart of what we do.

No security is perfect, and there will be both deliberate hacks and accidental data breaches.

However, how we manage these incidents, and the level of respect we show to our customers, is key.

This is the rationale behind GDPR replacing the Data Protection Act, and the steps taken to ensure that organisations are providing a stable and secure environment for their EU Customers and Employees.

Data Policy will then become the same as having an Accountancy Policy or Legal Policy – an inherent part of operating a business entity.

What do we do?

Many businesses will have superior data systems but still not be compliant as they don’t use these systems in a compliant way.

Think of a person as being the controller of their data, which you subscribe to for the duration of the Services and Business that make you a subscriber to them, until they or you opt out of that subscription.

You are being given a period of access to that person’s personal data and not an infinite license.

What does GDPR mean for us?

At the heart of GDPR is the need for organisations to understand where personal data is stored and apply appropriate controls to secure this information from unauthorized access or malicious activity.

There is a wealth of good articles online that summarise the core pillars of GDPR: http://www.crmcs.co.uk/content/gdpr-and-crm.aspx

How does this intersect with CRM?

What is the highest risk of Data Breach?

It’s not hackers – it’s the holy grail of Email + Spreadsheet attachment.

Why? Because Email is easy to use, and everyone gets it – GDPR compliance should be the same.

Security

Ensure the right baseline is in place so the technology platform is right.

You must be a responsible store of Personal Data.

This does *not* mean being Fort Knox, as GDPR is not a standard for Cyber Security – but it does mean having done the legwork in having a map of your Data Audit, a reasonable level of security awareness, and a policy in place for Data Breaches.

Data Audit – models the data we hold.

Structured Data – Databases and other Line of Business Systems.

Unstructured Data – Documents and Emails.

Secured Storage – only as compliant as your weakest link.

Internal Responsibility – knowing your internal scope.

External Responsibility – using the right providers with well understood scopes.

These six steps will then help ensure you can prove your responsibility in aiming to meet the regulations.

Where the above points pose problems of competency or time for a business, engaging an external Application Consultant or GDPR Trainer may be useful.

Tools

Use that technology baseline effectively, and set it up in a way that your teams and users can use effectively.

Store your data effectively in a way that you can respond to Customer Queries efficiently – this is typically using a CRM or Marketing Solution that can prove you are a trusted partner with your customer to hold their data.

Dynamics helps you do this for Structured Record-based data.

SharePoint helps you do this for Unstructured Documents, Images and Email Attachments.

Apps such as DocMan can bind bigger tools together into one solution for your teams to use for GDPR – alongside adding specific functionality to help handle Data Access Requests, and sharing Personal Data with the Data Subject via a Portal or Online interaction.

As discussed, GDPR Compliance comes from your Team rather than a System; however, good Tools can mean the difference between your Team *naturally* working in a compliant fashion and being forced to expend extra time and effort, which makes adoption much more difficult.

Knowledge

Understand GDPR and the requirements behind the core principles.

Consent

Right to Access + Right to be Forgotten + Data Portability

Breach Notification

Tech Support will keep the lights on, but is effectively Business as Usual. (A true partner is the difference between a book-keeper and an accountant.)

The Partner will help you manage your responsibility and outsource some of the burdens to ensure you have the right security and right tools.