How we are doing, and what we are doing on our GDPR journey to compliance
As we all know, the date of enforcement of GDPR is looming in May 2018. There is a lot written about this GDPR journey but very little on the practical steps that companies are taking or have taken, so I thought I would write a small article on what we at CRM Together are doing to try to comply with GDPR. We have, of course, written in the past about one aspect of GDPR and a way to address this with Sage CRM.
This is the really scary task for us and will most likely be for everyone. From mid-May 2018 we will auto-unsubscribe everyone and only email those who have signed up to our newsletter. You may have seen our first email about this go out earlier this month (March 2018). The reason we decided to do this is that the GDPR narrative says “you must be able to prove that the people you hold data on, and market to, have given their permission”.
We had a lot of discussion about doing this, and the positive thing that pushed me to take this leap on the GDPR journey was that we’ll know better who we are more relevant to and not just end up in someone’s spam folder.
We are updating our website so that we have a direct link to the newsletter signup page. This page needs to make it obvious what people are signing up to. We have also turned on the double opt-in requirement. What this means is that once you fill in the form you must confirm via email that you want to opt in. Not every country requires this, but we decided to go with the strictest method as we deal with Sage CRM partners and customers all over the world.
Our website also uses HTTPS/SSL.
File system, Software Systems and other Databases
We are auditing all folders and files for any data import files and all systems for personal data (as opposed to business data). Any found are to be deleted. Any files/records containing personal data either need to be deleted or a reference to the data needs to be kept and the reason to keep this documented.
Review provider GDPR policies
This step requires reviewing the GDPR policy of any third-party software that we use. They need to comply or we need to look for another vendor.
This is being updated to incorporate the GDPR requirements.
We use Formidable Forms in WordPress, so we need to review the data it saves every month and clear out data older than 3 months. Anything we need to retain is kept in Sage CRM.
We have updated our email signatures to include a newsletter sign-up link.
Sage itself is bringing out some tools within Sage CRM (in an update) to help with compliance on the GDPR journey. These tools, I believe, are to help you better comply but of themselves don’t make you compliant.
So that’s an overview of the actual steps we are taking to be GDPR compliant. Is this enough? Well, it’s hard to say for sure. The rules are down to interpretation. All one can do is try to comply. If anyone thinks we’ve missed something or has some ideas on how to automate some aspects of this (without us coding something 🙂 ) please let me know and we’ll update the article. A tool to analyze all our files and generate a report would be nice if anyone can suggest one?
If you want to get on our mailing list and keep up to date you can sign up for our newsletter here