GDPR has been here for a month. Since it came into force in May 2018, GDPR’s rules on data privacy and security should have become “business as usual” for all organisations handling data on EU residents. However, while the rules may be designed to be simple and create clear guidance on handling data, running this in practical terms can be more difficult.
The first problem is that many companies operate across more than one region. Handling a mix of EU and non-EU data can be problematic for international businesses. Secondly, people move and change their details over time. This can lead to problems when EU residents move to non-EU countries, or non-EU residents carry out purchases while in the EU.
GDPR itself is not going away, so looking at your long-term approach to handling personal data is just as important as all the preparation work to get compliant in the first place. So how can we all simplify our approach to customer data?
Centralise your customer data
One of the easiest ways to reduce your overheads is to take one approach to all records, regardless of the customers’ location or residency. By having one set of policies – and one approach to oversee – you can avoid those edge cases leading to more management headaches.
By applying a more stringent approach to customer data, you can provide a better customer engagement experience for all. You should apply rules like data portability, data governance and the right to be forgotten to all your customers, rather than just those in one specific region. This is the approach that we take at Freshworks, and we encourage all our customers to do the same.
This approach is not just about altruism – it makes more business sense to have one approach to working and managing customer data rather than multiple silos. This encourages the company to have a joined-up view of the customer that takes all their activities into account, while also meeting regulations and compliance controls. It should also cost less to manage than running multiple groups of data on different platforms or instances.
Plan ahead around compliance
Looking ahead, GDPR is being used as a framework by other countries and regions in their approach to data and privacy. Today, supporting GDPR allows companies outside the EU to address a market that will otherwise be denied to them. These companies can prepare ahead of time for any new data privacy and protection laws that are developed locally in their country or region based on GDPR. By thinking ahead, you can ensure that your approach to customer data is compliant wherever those customers happen to live.
One risk here is that there will be local discrepancies in how rules on privacy are applied in practice. For example, under Article 15 of GDPR, every customer can make a request for a copy of their data, while Article 16 allows customers to request changes to their records for accuracy. These Articles have timescales associated with them, as well as guidance on how they should be fulfilled. However, companies can define their own responses and approaches.
Meeting the most stringent rules across all your data should make this less problematic to start with. After all, no-one complains when they get their request met faster than expected. However, changes in other areas of law can affect data management – for example, retention of data for financial compliance and accounting rules. Now, GDPR already has some flexibility with regards to how long records should be kept based on those other compliance requirements. However, using GDPR you can be prepared for any change in advance.
The service perspective – more engagement, less overhead
Managing customer data is a significant overhead for teams involved in IT service management and customer experience. Whether you are a B2B or a B2C organisation, don’t let your customer service be held up by fractured datasets or by costs around maintaining multiple sets of records in different applications.
Instead, consolidating your approach should make things easier when handling data. Whatever provider or tool you use, you should look at their GDPR guidance and whether they can report to you as a third-party provider. You should also get a full overview of the steps that any supplier takes around your customer data, so that you can check it matches up with your internal security policies too.
After checking these areas, you can start looking ahead. GDPR encourages all firms to put themselves into their customers’ shows and consider their expectations first. By building on this, you can start improving your engagement with customers, wherever they happen to be and whatever channel they prefer to use.
Freshworks is a customer engagement platform for businesses of all sizes. The company’s suite of products is designed to work tightly together to increase collaboration and help teams better connect and communicate with their customers and co-workers.
Founded in October 2010, Freshworks Inc. is backed by Accel, Tiger Global Management, CapitalG, and Sequoia Capital India. The company’s cloud-based suite is widely used by over 150,000 businesses around the world including the NHS, Honda, Rightmove, Hugo Boss, Citizens Advice, Toshiba and Cisco.
This blog was updated on request by the author changing “EU citizens” to “EU residents”.