What do GDPR principles mean for CRM data management?

The European Union's new General Data Protection Regulation represents a paradigm shift in the consumer ownership of CRM data.

General Data Protection Regulation (GDPR) principles shift ownership and the authorization to utilize data commonly used by CRM systems, including consumers' names, Social Security numbers, addresses, incomes, purchasing histories and medical information. It also applies to data typically used for tracking users across one or more websites, including IP addresses and browser information.

Enterprises also have an obligation to notify all the affected parties of a CRM data breach within 72 hours. Failure to comply could result in penalties up to €20 million or 4% of company revenue.

Larger firms also need to appoint a data protection officer to oversee CRM data management. GDPR applies to any business with European users, and hence will affect enterprises globally. There are also GDPR principles addressing the flow of consumer data outside of Europe.

EU citizens can make several requests to an enterprise, including:

• Delete all my data.
• Delete some of my data.
• How is my data being used?
• How was a decision that used my data made?

Some of the important ways GDPR principles affect CRM data management include:

• Enterprises must audit their CRM data systems to identify where data is being stored.
• Enterprises need to assess partners that provide leads and process CRM data for services like analytics.
• Systems need to automatically be able to identify how CRM data is being used to accurately respond to inquiries.
• Enterprises must set up ways to automate CRM data across all internal systems and partner services when requested.
• It is important to evaluate the AI and analytics services used to analyze CRM data and to make decisions so that enterprises can answer user requests in simple language.
• Companies need to leverage building a CRM data process to quickly notify affected users when a breach occurs.