What You Need To Know About GDPR
Protect Your Business by Protecting Personal Information
The General Data Protection Regulation will take effect across Europe in May 2018 – Are you ready? For any businesses that might handle the personal data of residents of the European Union, now is the time to prepare. Below, we go over the most important aspects of GDPR with regards to sales and marketing teams.
What is GDPR?
The General Data Protection Regulation is a new framework developed in order to strengthen data protection laws for EU citizens. It replaces the Data Protection Directive, which has been in effect since 1995. GDPR is designed to standardize data privacy laws while increasing the rights of individuals regarding how their personal information.
Will It Affect My Company?
Quite possibly. Any company that falls under the realm of either a “controller” or “processor” of personal data within the EU will be affected by GDPR. A data controller refers to someone who determines how and for what purpose any personal data will be processed. The processor refers to the person or company who actually carries out the action of handling the data.
This will impact financial service companies in particular, but it should definitely be on the radar for any company with international business sectors.
Will It Affect My Sales and Marketing Process?
Again, it’s likely that it will if you operate globally. If you are using a sales enablement or content management solution with strict compliance standards in place, the inclusion of GDPR-related policies will not be a heavy lift.
How Can I Ensure My Business is Compliant?
Review Your Existing Policies for Handling PII
Do your reps ever CC or forward emails from contacts that may not have given consent to have their email address shared? That could be a red flag.
Does your sales team’s process for entering data into CRM include finding and saving non-corporate email addresses, such as email@example.com in addition to firstname.lastname@example.org? That on its own could land you in hot water if you cannot prove that you have the prospect’s opt-in consent.
Or how about the detail of notes your sales reps enter into CRM? If a rep does a follow-up call and is told by the receptionist that the prospect is out of office due to a hospital visit, it’s fair to assume the lead did not authorize your business to capture and log that information. Err on the side of caution, especially when the notes could easily be reworded to avoid personal information, such as “John Smith is unavailable until next Tuesday.”
Most likely, your policies for managing this kind of information will be thin at best (or non-existent), so take some time to fully document your process to ensure that your sales team and legal department are completely on the same page.
Evaluate Your Sales and Marketing Tools
Verify that any sales and marketing platforms your company uses are fully capable of handling GDPR’s stricter requirements for data protection, the right to be forgotten, and data minimization. Look for any gaps or potential pitfalls where personal information could be exposed or transferred.
Train Your Staff on Changes to Process and/or Technology
If GDPR triggers the need to change any ways in which your reps use their tools and resources, you have a duty to ensure each staff member is trained in those changes and is aware of the full scope of their responsibility under GDPR.
And as with any effective sales training process, the best approach is to reinforce that training over time as part of everyday operations.
The good news is that you have time. GDPR isn’t going into effect tomorrow. But that doesn’t mean you can sit back, relax, and hope for the best! Take these new regulations seriously, follow the tips mentioned above, and contact your sales enablement provider with any questions you might have!