ICT Opinion South Africa

GDPR: What it means for data management

On 25 May 2018, South African companies with an EU customer base must comply with new rules and legislation concerning the collection, storage, and processing of personal information also known as the General Data Protection Regulation (GDPR).
GDPR: What it means for data management
© Stefano Cavoretto via 123RF

GPDR goes beyond South Africa’s PoPI (The Protection of Personal Information Act) and will require some additional data management capabilities.

The GDPR regulation requires that all customer data has the ‘right to be forgotten’, in other words, the right to have personal data deleted, in particular from the world-wide-web. In addition, the data must be “portable”, meaning that organisations must be capable of honouring their customers’ requests to erase their personal data or transfer their data from one system to another including a full audit trail confirming that the transactions were completed.

The challenges of GDPR compliance

The sheer volume of data that organisations must gather, store, move, analyse, and exploit makes it difficult to manage customer data with such a high level of control.

In addition to the CRM database, which is the obvious first place to look, the data could also reside in marketing automation, lead management, customer support, financial and field service systems. Personal information can also be stored as unstructured data in many different types of sources, including social media posts, emails, calendars, voice recordings, and spreadsheets.

Data can even be found in places that it shouldn’t be, such as in third-party cloud services, laptop devices, or even file shares in publicly available parts of a network.

In short, it’s no small task to try to find every instance of customer data in your network that needs to be tracked, audited and protected.

New data management policies

Incorporating GPDR into the day-to-day operations may require a significant amount of time and effort, including educating and training staff, updating business processes and implementing or updating technology solutions.

On the plus side, implementing GPDR can create an opportunity to simplify, review, and streamline your business operations. There could be many benefits, including cost savings and automation.
Systems will need to be integrated to identify each instance of customer data. Additional business processes involved with documenting a customer’s complicity with storing their data need to be put in place. Any form that captures customer data has to be fully integrated with the back-end systems in order to ensure compliance by tracking every instance of where the data is shared and stored.

Contact creation through your CRM system will need to go through an ‘opt-in’ process rather than just being included automatically in marketing contact databases. The same applies to contact information collected at industry events and when you receive contacts from a third party.

These requirements also need to be enforced for channel partners that share customer data with manufacturers or other companies.

These rules also apply to previous and existing customers. All personal details have to be deleted. You can’t simply mark “do not contact” in your CRM database. The data needs to be erased in all systems where it appears.

Tools

There are several different tools that can help create an audit trail across the entire customer data ecosystem. These tools act as a framework to monitor, review and assess the data processing procedures with all the required and necessary safeguards.

Integration platforms can provide the glue that’s needed to find and then integrate data from different vendors, locations, and devices. Code-free development tools are ideal for employees who aren’t trained programmers, letting them get involved with the data integration process, which is even more essential since an ever-increasing number of departments and business functions are responsible for collecting, consuming, and analysing customer data.

Becoming GPDR compliant requires a business-led approach that evaluates the complete business model and how these requirements come into play.
With May 2018 right around the corner, it’s never too soon to begin tracking all the sources of customer data, while ensuring GDPR compliance and hopefully also optimising business operations along the way.
Let's do Biz