The Business Exchange Bath & Somerset Issue 6: Winter 2017/18 | Page 21

FOCUS ON GDPR

DE-MYSTIFYING GDPR WITH FIVE CRM

FIVE CRM is a customer relationship management (CRM) system designed to offer an unprecedented level of flexibility in a single platform, catering for sales, service, marketing and much more. Headquartered in Chippenham, the firm is making its mark on a global stage with a second office in Clearwater, Florida, USA. Established in 1991, FIVE CRM has paved the way for many businesses, helping them grow and succeed.

With the introduction of GDPR (General Data Protection Regulation) in May 2018, FIVE CRM saw an opportunity to further enhance their position as market leaders and have added bespoke functionality to their CRM system to ensure their clients are compliant. Their Personal Data Rights Management System allows organisations to be ready for the changes in regulations, and includes:

• Management of lawful reason information for every contact
• Ability to store extensive details for consent reason by channel
• Complete management of “Right to be Forgotten”, including backups
• GDPR and ePrivacy compliant email campaign management
• Can be used as the main CRM or as a stand-alone Data Rights Management System

Sales manager of the company, Jack Hodges, said, “The idea behind our Personal Data Rights Management System was to ensure clear, simple procedures were in place for our clients to take away the worry of the new GDPR regulations. There’s been a lot of talk about GDPR, but in my opinion, there is nothing practical or easy to follow. With our system, we de-mystify the plans that need to be in place, making data security and data management user-friendly, allowing sales and marketing professionals to relax and concentrate on their job.”

Here’s FIVE CRM’s guide to GDPR

What is it?

The General Data Protection Regulation (GDPR) is a new European ruling, which governs the data protection rights for all individuals within the European Union. It serves to strengthen and unify all data protection rules and practices across the EU.

Right of access

Every EU citizen will have the right to ask how an organisation is using their personal data, where it’s used and why. They also have the right to request a digital copy of the data that is being held about them.

Right to object

All individuals will have a legal right to opt out of marketing communications. If an individual does opt out, you must withdraw them from that activity immediately.

What is changing?

GDPR will put the power back into an individual’s hands. They will gain the rights to access, amend, and restrict the personal data organisations have about them. In the unfortunate event that an organisation suffers a data breach which could compromise the security of individuals’ personal data, those individuals must be told within 72 hours of the start of the breach. Individuals also have the “right to portability”: the right to move data and services to another provider with no hassle or strings attached.

Consent

The greatest change within GDPR is the way consent is granted. Consent must be knowingly and willingly given by the individual, with organisations making their intentions for data use clear. Soft opt-ins, implied consent, and hiding data policies within confusing T’s and C’s are all against GDPR rules. Organisations must keep a record of why, when and how they were granted permission. There must also be details of what they were told at the time. If oral permission was granted, a script of what was said will work fine; call recordings are not essential.

Right to be forgotten

Individuals will have the right to retract consent at any time, and have the “right to be forgotten”, which means that if they request an organisation to delete their data, it should be done immediately. It must be deleted from all backups, and the organisation should have proof of the deletion.

Lawful reasoning

There are six allowable reasons for processing someone’s personal data. These are:

• You have consent from the individual
• It is necessary for the performance of a contract with the data subject, or to take steps to enter into a contract
• It is for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• It is to protect the vital interests of a data subject or another individual
• It is needed for compliance with a legal obligation

Who does it apply to?

The new regulation will apply to any organisation around the world that deals with EU residents. While there is a possibility it can change, it currently applies to both B2B and B2C.

What will you be able to do?

You can call and email organisations, as these are generic and not personal data. The EU and ICO have not yet made clear whether you can contact potential clients through social media platforms.

Take action now

You must be compliant with this regulation by May 25, 2018, otherwise you could face penalties of up to €20 million or 4% of your company’s worldwide annual turnover (whichever figure is greater).

To find out more, you can get a copy of their leaflet at https://fivecrm.com/gdpr-leaflet or take their GDPR quiz at https://fivecrm.com/gdpr-quiz

To book a demo of the new Personal Data Rights Management System go to: https://fivecrm.com/trial