GDPR comes into force in a matter of months. If you don’t know what that stands for or means – I suggest you Google it now. As you’ll know/find out, it impacts every organisation by placing, among other things, new responsibilities on how personal data is managed, stored and used.
There are plenty of good overviews on the scope of GDPR available online, however, there aren’t many articles covering practical steps that SMEs can take to get their data GDPR-ready.
Over the past year, we’ve helped SMEs become GDPR compliant and from this experience we’ve been able to compile some practical steps that business owners can take before they instruct lawyers and consultants or begin integrating new GDPR compliance technology. By doing this before you speak to a third party you should save significant money and time – and you’ll be that much closer to getting data GDPR-ready.
Where do you hold your data?
Most businesses will have a CRM system that stores the majority of customer information. However, there will inevitably be a range of other data stores dotted throughout your business. It could be as straightforward as a spreadsheet on your sales manager’s laptop or some long forgotten marketing database put together when you were just starting up.
So in order to get your data GDPR-ready, you first need to identify all of your known stores. Then, list all your customer touch points where data could be exchanged. Finally, ask your staff to check what customer data they hold on their devices or, and this can easily be forgotten, within their email inbox.
Put your data in one place
After identifying all the data you hold, the next step is to get it all into the same format and place. Usually, you will be able to input any new information into your main CRM or sales system. For smaller businesses, a Google Sheet could be the best approach. Unfortunately, this step can be time consuming and tedious. Just remember the benefits you will accrue and money you will save from doing it properly make it well worthwhile.
Give the data a good scrub
One of the goals of GDPR is to make organisations more discerning about what data is collected. Essentially, moving from collecting information for its own sake, to targeting only the information that is needed. A similar approach should be taken with the data you currently have.
Either in conjunction with consolidation or after your data is only in one place, purge any information you don’t need now and are unlikely to use in the future. The less data you hold, the lower your risk. Delete all copies of the same information that exists outside of your new main store.
Identify your technology gaps
It should now be clear whether the technology you currently have is fit for purpose. If you find that your systems make the above steps impossible or time consuming, it’s a red flag that your data management infrastructure needs an overhaul. You should also ask yourself whether what you currently have can scale or is flexible enough to adapt to a new strategy or product offering.
Finally, can you comply with GDPR responsibilities such as immediately porting personal data to customers or completely deleting it under the “right to be forgotten’?
Enforce data governance procedures
The above on getting your data GDPR-ready will be pointless unless you make sure staff understand and follow strict data governance procedures. Restricting who can access, collect, store and manipulated customer information reduces risk. Limiting or banning the copy and storing of data on personal devices or in places other than your main store will also help.
However, the best approach is to fully educate everyone on their responsibilities and the fines that could be levelled. Reviewing these procedures regularly and ensuring they are adhered to will create a company culture that respects personal data and enables long term compliance.
You may now be thinking that the above is a lot of work – especially given that there are only a few months to go before GDPR comes into force. Just remember that the benefits of proper data management go beyond GDPR compliance. It enables accurate and real-time business intelligence, uncovers customer insights, optimises marketing and customer service and underpins sounds business strategy and product development.
Put simply, it is the bedrock on which a solid company is built. This is true for any organisation, irrespective of its size. From a person perspective, good data governance means that we can all be more confident about sharing our personal data – and that has to be a good thing.
Julian Saunders is CEO and founder of PORT.im
With the GDPR deadline not far away, it’s time to start preparing. But don’t forget, employee data management is just as important as customer information.