Companies use CRM software as a communication and relationship nurturing tool with their existing and prospective clients. This is wonderful for tracking clients, managing outstanding jobs and payment history; however, it also involves storing a lot of their personal information for your company’s use – therefore you must comply with GDPR regulations.
GDPR stands for General Data Protection Regulations. It regulates the use of people’s personal information by businesses. Businesses usually use people’s personal information for marketing and sales purposes, such as distributing adverts of recent promotions or new services on offer.
Below are the rights which people retain regarding the storage and use of their information:
- The right to be informed of personal data being collected and how it will be used
- The right to access their personal data that businesses have collected
- The right to rectify inaccurate personal data that a business possesses
- The right to request that certain information is erased or deleted securely and permanently
- The right to restrict businesses from processing their information, i.e. allowing them to block certain data from being used
- The right to object to or refuse to receive direct marketing
- The right to data portability, allowing them to obtain or use their own data
- The right to request that they are not subjected to automated marketing and request human intervention instead of an algorithm
When using CRM software, you have access to client’s personal information, such as their social media profiles, place of business, website and contact details. The GDPR states that client information needs to be obtained lawfully, hence, the client’s consent is required.
When using CRM software to collect and store data, an opt-in function or GDPR compliance form must be created and recorded on the system. If a person creates an account with you and their information is traded in exchange for a lead magnet (e.g. a weekly newsletter) they need to actively click a box confirming consent, as well as the option to unsubscribe or manage their subscription. In all cases, you will need to clearly state what their data is needed for and why.
Using a CRM to store and collect people’s private information is a great strategy to dispense advertising on a large scale to grow your client base, however the GDPR is here to regulate the use and collection of people’s personal data, so make sure you comply and obtain consent before you begin.