How to go from compliance to CX excellence in the GDPR era
By Tanmaya Varma, Director Industry Solutions, SugarCRM
We are well into the GDPR era, and businesses are starting to feel its effect. In a recent straw poll on an Engage Customer webinar, close to 50 per cent of respondents revealed their business is already seeing Subject Access Requests (SAR) in one form or another.
We’re seeing several different strategies for tackling GDPR, and worryingly, not all are ensuring compliance. Some companies are just choosing to ignore the regulations, which is extremely dangerous and could lead to severe consequences for those companies found in breach of the law. Others are choosing to delete everything if a customer doesn’t opt in. This isn’t advisable, as it might result in a loss of critical data that you won’t be able to recover. Another strategy is tracking the data, so going through systems and documenting all the data you do have and its uses.
There is clearly a need to strike a balance between the latter two options as it depends whether the data you hold is business critical or not. In fact, it is not advisable to delete all data if a customer opts out of marketing communications – but you need to be able to separate the data that you are legally obliged to keep from the data you only hold for a particular purpose. Therefore it is imperative that you document the way you manage your data – tracking all processes will help deal with Subject Access or Erasure Requests and will prove to regulators that your business is taking steps to ensure compliance.
Most businesses though have undertaken tremendous efforts to comply with the new regulations, but the question now is how can your company work smarter and take steps to go from just being compliant to harnessing GDPR to your advantage and driving towards customer experience excellence?
Orchestrating data from multiple systems
Most companies have several operational systems spread across the business that contain customer data, for instance marketing, payment and ERP systems. In order to ensure a uniform approach to GDPR across the business, look at pulling together clear definitions for your data. So, look at how you identify, categorise and retrieve the data, and make sure this is implemented across the business.
The second important step is ensuring you are ready to deal with Subject Access Requests from customers and prospects alike. Make sure all the information about your data is accessible in one place, and coherently structured – doing so will help to keep you away from fines in court. The government wants to see you’ve made concrete decisions to manage data, and customers want an efficient and informed response to their data requests, so having a structure in place will tick both of these boxes.
The central role of CRM
The right CRM system can play a critical role in your data privacy management. This is where all of your personal, business and preference data is stored, it’s basically the heart of your IT infrastructure and the key system of engagement within a company.
A well-designed CRM platform will contain out-of-the-box functionality to help teams implement best practices for data privacy. It should come with features that allow you to manage consent, restrict personal data usage for specific purposes, erase personal data and support the logging of all data while tracking and recording all these actions and make them available for reporting.
The power of the preference centre
Marketing automation can also help with GDPR compliance and should be used as a mechanism for engaging with customers. For instance, marketing systems and online preference centres can support the capturing of consent and opt ins, not just in the first instance but as an ongoing process in order to maintain compliance. They can also help with the communications needed around handling the right to be forgotten and can take care of subscription management, giving power to the customer and letting them choose their own communication preferences.
GDPR is all about combining trust and choice with the customer and keeping lines of communication open. If you show you value a customer’s respect and privacy by giving them the opportunity to define what kind of information they want to receive, whilst also explaining exactly what you can offer, they will be more inclined to give you permission. This opens up opportunities for better customer experience while proactively protecting the privacy of your customers.
Ultimately, GDPR is a great opportunity to revolutionise your business and streamline some of your existing processes in order keep customer communication lines open and provide a greater deal of transparency. It’s no use burying your head in the sand, smart businesses will harness existing systems and marketing processes to not only ensure compliance but to also achieve superior customer experience and build stronger business relationships in the GDPR-era.
To find out more about data management in the GDPR age and hear from industry experts Phil Winters, Tanmaya Varma and Katie Jameson, come along to our upcoming London event, 3 Steps from GDPR compliance to CX excellence on September 12. To register, visit: https://info.sugarcrm.com/EMEA-Event-London-Life-with-GDPR.html
Tanmaya Varma, Director Industry Solutions, SugarCRM
At SugarCRM, Tanmaya heads the Industry Solutions CoE. He is responsible for leading the solution strategy and go-to-market initiatives for key industry verticals like Financial Services, Global Markets, Business Services and Manufacturing.