The General Data Protection Regulation (GDPR) has become a major concern for marketers, and the urgency to comply is increasing as the enactment date approaches. By May 25, 2018, organizations must have GDPR-compliant processes in place to justify any personal data processing, in order to avoid penalties associated with breaches. The strict and new criteria have left many in a frenzy, yearning for a method to hasten their trip to compliance. However, roadblocks often exist at the foundation: the Customer Relationship Management (CRM) system. This guide discusses the essential new functionality needed on top of the core Salesforce CRM to become compliant with GDPR’s new requirements.

Introduction

GDPR has brought significant changes to how businesses handle personal data. The regulation requires organizations to have robust processes for managing personal data, ensuring transparency, and protecting individuals’ privacy. For many firms, the CRM system is fundamental to these operations, therefore improving its capabilities is critical to compliance.

Salesforce, a leading CRM platform, offers various tools and features to help organizations manage their customer data effectively. However, to fully comply with GDPR, additional functionalities need to be integrated. This paper will discuss five critical Salesforce CRM features that can help firms satisfy GDPR standards and secure data protection and privacy.

Salesforce Individual Object

The new Individual object in Salesforce CRM is a crucial step toward fulfilling GDPR requirements. Individual records are closely related to any person record in Salesforce, such as a Lead, Contact, or Person Account. It is intended to save personal data preferences and information for processing. Some out-of-the-box fields include:

• Don’t Profile
• Don’t Track
• Block Geolocation Tracking
• Ok to Store PII Data Elsewhere

While the Individual object provides a foundation, many organizations may find its out-of-the-box functionality insufficient. As teams across the organization move toward GDPR compliance, data processing needs to become more controlled, transparent, and user-friendly. This article will describe the basic functions that should be integrated into Salesforce to handle data processing beyond the individual item.

Lawful Basis

To process personal data under GDPR, you need a ‘Lawful Basis’ for doing so. There are six predefined categories, and you must match the appropriate Lawful Basis to your relationship with the person and your intended use of their data. The categories are:

• Consent
• Contract
• Legal obligation
• Vital interests
• Public task
• Legitimate interests

For marketers, ‘Consent’ is the most commonly used Lawful Basis, particularly for pre-purchase prospects. It’s essential to have clear documentation and tracking of the Lawful Basis used for each data subject. This information must be disclosed in your Privacy Policy and stored in the CRM, with records available on demand to demonstrate compliance.

The Lawful Basis must be documented and stored in a way that is easy to retrieve and manage. This includes tracking the expiration of consent and managing additional details required for Legitimate Interest. Organizations need CRM functionality that monitors the state of record data and ensures compliance with GDPR requirements.

Processing Reasons

Processing Reason relates to how your firm utilizes data for purposes such as marketing, contract execution, analysis, and customer support. These reasons need to be clearly defined and categorized across the business. For example, you might have categories like pet insurance marketing or car insurance marketing.

Processing Reasons must be detailed and specific to ensure compliance. The CRM should allow for the granular definition of these reasons and track data processing accordingly. This helps maintain transparency and control over data usage.

Channels

In the age of multi-channel marketing, it’s essential to manage communication preferences across various channels, such as phone, email, SMS, and direct mail. Additionally, other departments like sales and customer service also use different channels to communicate with individuals.

Individuals may select the communication channels they prefer based on Processing Reason. This creates a complex matrix matching the Processing Reason, the channel, and consent for that channel. Your CRM must have robust functionality to manage and filter these preferences easily, ensuring compliance and improving customer engagement.

Privacy Details Search

As teams work toward GDPR compliance, data processing must become more user-friendly. Sales and marketing teams need to quickly identify records available for marketing campaigns based on privacy details. This is crucial for maintaining compliance while optimizing marketing efforts.

Organizations need advanced search functionality to filter records based on privacy details. For example, a phone campaign could target individuals whose consent for a specific category is about to expire. This need a comprehensive Privacy Criteria Search tool within the CRM.

Deleted Records

GDPR outlines several ‘Individual Rights,’ including the right to erasure. Organizations must be prepared to act on such requests and delete personal data promptly when requested.

Your CRM must have functionality to handle deletion requests efficiently. This includes logging deleted records for confirmation and cross-referencing purposes. Having a log of deleted records is beneficial for both the data subject and the organization, ensuring transparency and compliance.

Conclusion

With the GDPR enactment date fast approaching, many organizations are looking for ways to accelerate their compliance journey. Enhancing your CRM with the essential functionalities discussed above can significantly support GDPR compliant efforts. By addressing these critical areas, organizations can ensure they meet GDPR requirements, protect personal data, and build trust with their customers.

Ready to Make Your CRM GDPR Compliance?

Contact Lean IT today to learn how we can help you integrate these essential functionalities into your Salesforce CRM. Let us assist you in navigating the complexities of GDPR compliance and transforming your data management processes. Contact our experts now to begin your road toward complete GDPR compliance with confidence.