It has become evident that non-compliance with GDPR will most definitely be far more costly than compliance. Not only because of the fines the authorities threaten to impose, but also because of the risk of reputation damage and churning clients. While the regulation will certainly put pressure on large corporates, it may pose an even tougher challenge for small- to mid-size companies. So what can you do today to assess whether your current systems are up for the task?
In smaller firms, we often see that the collected customer information is spread across multiple systems and communication tools. Think e-mail inboxes (both professional and personal), CRM or ERP systems, databases, Excel files, folders on employee computers and personal computers, external drives, backups and archives. Furthermore, records such as copies of clients’ passports or prints of tax reports are often stored as hardcopies somewhere in an archive in the basement.
Until recently, the biggest downside of this fragmentation was that information took longer to find. For example, lawyers in the UK spend an average of 2 hours a day on finding information. Hard to imagine in a Google-world, but true. Other firms hire one or more people to do this work for them: searching through old e-mails and hard-disk folders and ‘unboxing’ archived hardcopies. Apart from this wasted time, it is difficult to keep document versions in sync across all the systems and copies, and nearly impossible to update all of them at once (for example, when a customer moves house).
With the new GDPR regulation coming in, however, the fragmentation of your clients’ information poses a more serious problem: not only will you need to have a complete overview of which information is stored where, a so-called “data inventory”; you will also need to justify how it is protected and how you’ll abide by customers’ requests to transfer or delete all of it.
So let’s go over how GDPR could work with e-mail, customer relationship management software (CRM) or ERP systems and archives.
Do you use e-mail to interact with your customers? Think carefully about what type of data you ‘store’ in your inbox. The amount of uncoordinated data that lies in inboxes is usually far beyond what we think. This becomes a liability with GDPR, as creating a data inventory out of your inbox is almost impossible. Tools: e.g. Outlook, Gmail, and Apple Mail
Do you use a CRM, ERP, or other customer management software such as accounting or asset management tools? If yes, do you store personally identifiable information (PII) in it? What do you do with it? If your systems integrate with other systems, is it an ID (e.g. customer number) that you hand between systems, or the full text? What about encryption? It is advisable to check this with your system providers; they should be able to help you answer most of these questions. Tools: e.g. Salesforce, Microsoft Dynamics and Capsule
How do you archive your customer data? Is it physical, or digital? Do you store too much, or just enough? For how long? How do you find the data you store? Is it stored securely? Who can access it, or parts of it? For example, if you store your mailing list in an Excel sheet on your company’s Google Drive, think about who can access it and whether those people really require access. That also applies to data rooms, often used to give others access to information of a sensitive nature.
To provide further structure to the above questions and expand them to other systems you may currently use, we have listed 8 steps which will help you assess where your firm is at when it comes to GDPR compliance.
If GDPR’s core aim is to change how businesses process and handle data, let’s see this as an opportunity for high-trust businesses to redesign internal processes in such a way that it impresses both the regulators and their customers. Remember that the core of GDPR is that you as a company are responsible for taking any possible measure to protect the data you’re given. By following the above steps you’re already off to a good start.
If you want to take it a step further, we’re excited to announce that we have just released new features at Teebly to make your GDPR compliance easier:
✅ Who-accesses-what: sometimes, colleagues or third parties only need to see part of a document or conversation. Teebly equips the people of your choice with tools to easily manage who can see what, and for how long. We’re quite proud of the level of detail in this feature.
✅ Data-at-rest encryption: when data is stored, we apply data-at-rest encryption. This makes it impossible for a rogue employee or ‘visitor’ to reach this data.
✅ Consent management: as simple as flipping a coin, users can granularly opt in or out of specific data use at any time.
And there’s more where that came from:
✅ Data portability: users can request all info you hold on them. With Teebly, it takes your firm minutes to fulfil this request. Not hours.
✅ Instant wipe: if your client asks for his data to be removed, we automatically collect all relevant data and enable a simple and structured deletion process. Teebly automatically separates data that the law requires you to keep, for the right amount of time. Easy, right?
✅ Storage location: your customers choose the region(s) in which their content will be stored. Apart from a general feeling of safety and control, we found that high net worth individuals specifically appreciate this function.
For further reading, we highly recommend the Information Commissioner’s Office (ICO) official guidelines, as well as the articles of the Deputy Information Commissioner Steve Wood in which he discusses which ‘myths’ around GDPR compliance are true and false. We’re also fans of Revolut’s clear post and the Financial Times’ explanation video. This guidance on consent is worth a look, too. Finally, we recommend MME as one of the leading law firms on this topic, especially for companies in Switzerland.
Thanks for reading!
The Teebly Team.
P.S. If you know someone who would benefit from reading this, please do forward!