5 Tips To Help U.S. Startups Achieve GDPR Compliance

Customer data privacy and security are no longer just a moral responsibility. Instead, it has taken the form as a legal imperative.

Does your small business place the highest priority on data privacy and security? If not, customer data protection should be a top priority. However, it’s no longer just a moral responsibility. Instead, it has taken the form as a legal imperative.

As you’ve surely heard, the General Data Protection Regulation (GDPR) took effect May 25. This new set of regulations, which replaces the Data Protection Act 1998, legislates online data rights for any organization that sells products or services to European Union (EU) customers.

“At its core, GDPR is designed to give EU citizens more control over their data,” Symantec explains. “It sets out principles and guidelines for companies to adhere to when managing the data of EU citizens, and imposes stiff penalties for non-compliance.”

Complying with these new rules might seem daunting (and even unnecessary) for U.S.-based small businesses, particularly since there’s still a lot of confusion regarding the specifics of these new rules and requirements. But if you can understand these five keys to customer data protection, it will go a long way toward helping your business achieve compliance.


1. If you have any customers in the EU, you must follow the rules

It’s no secret that exported goods and services are big business. Nearly 60 percent of U.S.-based small or mid-sized businesses have sold merchandise outside the country, according to a recent study released by the National Small Business Association.


Start a business in Europe
Photo: London © dade72, YFS Magazine

While many of those exports were headed for China or Canada, a significant portion of exported goods were received by EU countries such as Germany and the United Kingdom. Yes, the UK is still part of the EU and customers in this sovereign state are protected by new GDPR rules for at least another full year.

Even if a business’s physical presence is in the U.S., it must comply with the new GDPR rules, so long as it’s doing business in the EU. Simply put, if you’re making sales or providing services to EU members, you must be GDPR compliant.


2. Get familiar with GDPR’s definition of personal data

If you find the new data laws perplexing, you’re not alone. About one-third of surveyed businesses owners said they were confused by the GDPR. In order to comply with rules, you must first understand them—and that starts with GDPR’s definition of personal data.

Personal data protection is a key component to the legislation and one that’s crucial to fully comprehend. The GDPR broadly defines personal data as any information that can directly or indirectly identify a person. The lengthy list of personal data identifiers ranges from a person’s name and address to their workplace and appearance. Essentially, the definition includes any information that would directly identify a specific individual, or information that could indirectly pinpoint a person through a combination of data.

Much of the information you’ve recorded about individuals in your CRM is likely considered personal under GDPR. With this in mind, it’s critical to keep your CRM’s data secure, and ensure it’s managed in a compliant fashion.


3. Create a data usage and storage compliance plan

The right CRM can work wonders when it comes to complying with GDPR’s data usage and storage rules. As you probably know, new data protection principles require personal data to be used fairly, legally and transparently. It must also be collected for specific purposes – and used for only for those specified purposes. Data must be deleted when it’s no longer being used for its initial, intended purpose.


Photo: Server Room; © 3dmentat

It might sound overwhelming, but complying with this new set of usage and storage compliance is perfectly manageable. CRM tools can help small businesses track how users are logging and using information on file. It can also limit access for users to ensure they only have access to information that’s relevant to their specific roles.

Better still, small business-focused CRMs such as Act! allow users to store and clearly display individual data preferences, and keeps tabs on when each file was recorded or edited. This helps small businesses to eliminate redundant data, and work with the most relevant files, all the while remaining GDPR compliant.


4. Create a GDPR accountability strategy

Of course, all the new requirements set forth by the GDPR would be meaningless without an effective accountability strategy. That’s why the GDPR has set a number of measures in place to ensure businesses demonstrate compliance.

Though the list of accountability requirements is lengthy, the right CRM tool can make it manageable. For instance, a CRM can help document compliance by securing data, offering built-in storage, and making files easily accessible. Though a CRM tool can’t address all the accountability requirements, it can certainly ease the burden for small businesses struggling to keep pace with the GDPR’s demands.


5. The right CRM tools can help

Meeting the GDPR’s online data requirements can be challenging – particularly for small business with limited resources.


Photo: © Burlingham, YFS Magazine

The right CRM can simplify the process in a multitude of ways. After all, CRM and GDPR are already intertwined. Both strive to prioritize customer needs, treat online data respectfully, and effectively manage customer information. A good CRM tool can simplify the GDPR compliance process by helping users track and edit data, log customer preferences and stay abreast of a customer’s changing needs or privacy preferences.

Proper customer data protection is essential to business success in years to come. By centering your GDPR plan around the right CRM, you can save yourself a lot of headaches and handwringing and position your small business to safeguard its most important asset—it’s customer base.


Lindsay Boullin is GM of Swiftpage International and Global Customer Success Leader. At Swiftpage, Boullin is responsible for Act! customer service globally as well as sales outside of the Americas. He previously held the title of VP of International Operations with Swiftpage. Prior to Swiftpage’s acquisition of the Act! (www.act.com) software solution, Boullin spent eight years with Sage Software, working with the Act! solution as well as other Sage products in the role of Senior Commercial Product Manager. Prior to that, he was an English law attorney for 10 year, specializing in data protection and information technology law.





© YFS Magazine. All Rights Reserved. Copying prohibited. All material is protected by U.S. and international copyright laws. Unauthorized reproduction or distribution of this material is prohibited. Sharing of this material under Attribution-NonCommercial-NoDerivatives 4.0 International terms, listed here, is permitted.


In this article