On May 25th , 2018 the European Union’s new General Data Protection Regulation (GDPR) goes into affect. If you are not familiar with the GDPR you need to be. The ramifications of this regulation are complex and far reaching. For U.S. companies selling overseas, the challenges start soon. It is a safe bet that similar regulations will be headed to the U.S. sooner than later.
The regulation revolves around an individual’s “right to be forgotten.” This means that companies will need to be able to provide explicit “proof of consent” for an individual to be contacted, and a mechanism for consent to be withdrawn by the individual. Further, a mechanism to provide complete data erasure of an individual’s interactions/communications with a company must also be provided.
The implications of this regulation go far beyond double opt-ins for email marketing. It means that while the subject matter of an individual’s inquiry or interaction may be kept the identity, email address and phone number of that individual will need to be expunged without the explicit consent of the individual. How then can you manage communications in your CRM program without falling afoul of the GDPR?
A client with a major global footprint recently shared with me the impact this regulation is having on their organization. Like a bomb with a lit fuse, the report from their legal team sent shivers down their marketing teams spines. Specifically, the names, email addresses and phone numbers will need to expunged from their Eloqua system and CRM programs across their many divisions. Leveraging data captured from their customers and prospects that had previously been used for cross and upselling will likely cease unless and until new consent mechanisms can be put in place. No doubt this regulation will seriously impact not only Eloqua but Salesforce, Hubspot, Marketo, SugarCRM, Silverpop and all other CRM and Email Marketing platforms. The penalties for breaches of the GDPR can be severe.
Below is a snippet related to the Scope of this regulation.
The regulation applies if the data controller (an organization that collects data from EU residents) or processor (an organization that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU. Furthermore the regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents. According to the European Commission “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
New strategies and techniques to meet GDPR rules will need to be developed and implemented with your CRM and email platforms. Will the GDPR and similar future laws in the U.S. mean the collapse of your CRM program like a house cards? The fuse has been lit. It’s time to get informed and be prepared.