Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

One page-crm-gdpr-presentation

100 views

Published on

GDPR - how to eat an elephant

Published in: Marketing
  • Be the first to comment

  • Be the first to like this

One page-crm-gdpr-presentation

  1. 1. GDPR HOW TO EAT AN ELEPHANT With Andrea Manning
  2. 2. WELCOME TODAY’S AGENDA ▸ OnePageCRM ▸ The Controller and Processor Roles ▸ What does a CRM system do? ▸ Managing GDPR in your CRM ▸ Transparency ▸ Lawful processing ▸ Personal data ▸ Individual Rights ▸ 3rd party transfers ▸ Marketing ▸ Lead Generation and Nurturing ▸ Email Marketing & Re-permissioning ▸ FAQ
  3. 3. WE’VE SPENT A LOT OF TIME WITH GDPR AND LIKE TO THINK WE’VE BEEN THOUGHTFUL ABOUT ITS INTENT AND MEANING. BUT THE APPLICATION OF GDPR IS HIGHLY FACT-SPECIFIC, AND NOT ALL ASPECTS AND INTERPRETATIONS OF GDPR ARE WELL-SETTLED. AS A RESULT, THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND SHOULD NOT BE RELIED UPON AS LEGAL ADVICE OR TO DETERMINE HOW GDPR MIGHT APPLY TO YOU AND YOUR ORGANISATION. WE ENCOURAGE YOU TO WORK WITH A LEGALLY QUALIFIED PROFESSIONAL TO DISCUSS GDPR, HOW IT APPLIES SPECIFICALLY TO YOUR ORGANISATION, AND HOW BEST TO ENSURE COMPLIANCE. DISCLAIMER DISCLAIMER
  4. 4. ABOUT US REMARKABLE TEAM ▸ 2009 - OnePageCRM founded in Ireland ▸ 2010 - Launched ▸ 2017 - 10,000+ customers worldwide ▸ 2018 - GDPR!
  5. 5. CONTROLLER VERSUS PROCESSOR The Yellow Hat Company CUSTOMER/DATA SUBJECT PROCESSORCONTROLLER PROCESSOR
  6. 6. CRM
  7. 7. WHAT DOES A CRM SYSTEM DO? CRM MULTIPLE SPREADSHEETS = ISSUES
  8. 8. WE’VE CONVERTED THE COMPLEXITY OF A CRM INTO A TO-DO LIST
  9. 9. GDPR & YOUR CRM
  10. 10. GDPR AND YOU TELL YOUR SALESPEOPLE 1.Gather only data you need and make sure you have lawful grounds to process this 2.Be open about your actions and prepare for data subject requests 3.Keep the data safe and delete it when you’re finished with it
  11. 11. TRANSPARE NCY GDPRBUILD TRUST THROUGH TRANSPARENCY Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject Article 13: Information to be provided where personal data are to be collected from the data subject
  12. 12. TRANSPARENCY PURPOSE ▸ Disclose your purpose for processing, current and future HOW • PRIVACY POLICY & TERMS • WEBFORMS / LEAD CAPTURE • CREATE A REGISTER RECORDING WHY YOU’RE COLLECTING THE DATA
  13. 13. TRANSPARENCY LEGITIMATE INTEREST ▸ Disclose your grounds for legitimate interest HOW ‣ DETAIL IT IN YOUR PRIVACY POLICY ‣ LOG YOUR LAWFUL BASIS FOR PROCESSING IN YOUR CRM (PROOF)
  14. 14. TRANSPARENCY RETENTION PERIODS ▸ Disclose your expected data retention periods HOW ‣ PRIVACY POLICY ‣ ADD DATE FIELDS TO TRACK WHEN CONTACT WAS ADDED, LAST CONTACT ‣ BULK UPDATE FOR HOUSEKEEPING ‣ GENERAL GUIDELINE: - CUSTOMERS = 12 MONTHS - PROSPECTS = 3-6 MONTHS
  15. 15. TRANSPARENCY 3RD PARTY PROCESSORS ▸ Disclose when and where you send data to 3rd party processors (sub-processors) HOW ‣ START WITH DATA MAPPING ‣ PRIVACY POLICY ‣ PRIVACY BY DESIGN
  16. 16. TRANSPARENCY MECHANISMS FOR TRANSFERRING DATA OUTSIDE OF THE EU/EE
  17. 17. TRANSPARENCY DATA SAFEGUARDS ▸ Disclose the data safeguards you have in place to secure and protect your user’s data HOW ‣ CONTROL, NOT MULTIPLE SPREADSHEETS ‣ LIMIT ACCESS TO THE DATA ‣ STAFF TRAINING ‣ TECHNICAL MEASURES
  18. 18. TRANSPARENCY EASY OPT OUT ▸ You must make it easy to opt out HOW ‣ UNSUBSCRIBE ON ALL EMAILS ‣ SET UP PREFERENCES ‣ LOG IN YOUR CRM ‣ MANAGE YOUR DATA
  19. 19. LAWFUL PROCESSIN GDPR PICK ONE ONLY
  20. 20. TRANSPARENCY LAWFUL PROCESSING 1. Explicit consent for each purpose of use 2. Performance of Contract 3. Legal Obligation 4. Vital Interest of Individual 5. Public Interest - Official Authority 6. Legitimate Interest Article 6: Lawfulness of processing
  21. 21. PERSONAL DATA GDPR EVERY PIECE OF DATA THAT CAN BE USED TO UNIQUELY IDENTIFY A PERSON
  22. 22. TRANSPARENCY PERSONAL DATA 1. Name 2. Email 3. ID numbers 4. Physical address 5. Other location data 6. IP address and cookies (online identifiers)
  23. 23. INDIVIDUAL RIGHTS GDPR STRENGTH ENED INDIVIDUAL RIGHTS
  24. 24. TRANSPARENCY INDIVIDUAL RIGHTS ARTICLE 16: RIGHT TO RECTIFICATION ARTICLE 17: RIGHT TO ERASURE ARTICLE 18: RIGHT TO RESTRICTION ARTICLE 20: RIGHT TO PORTABILITYARTICLE 15: RIGHT OF ACCESS
  25. 25. MARKETING
  26. 26. LEAD GENERATION AND NURTURING MARKETING MARKETING GETS PERSONAL
  27. 27. TRANSPARENCY LEAD GENERATION
  28. 28. TRANSPARENCY LEAD NURTURING
  29. 29. EMAIL MARKETING MARKETINGMARKETING GETS PERSONAL
  30. 30. THE GDPR STATES THAT THE PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES MAY BE CARRIED OUT FOR LEGITIMATE INTEREST With proviso’s….. RECITAL 70
  31. 31. RECITAL 70 DIRECT MARKETING ▸ Have a relevant and appropriate relationship with them ▸ Show that there is a balance of interests between the organisation and the person receiving the marketing. ▸ Tell them you are going to market to them ▸ Show them how to opt out of receiving marketing from you
  32. 32. 80/20 RULE PARETO’S PRINCIPLE
  33. 33. FREQUENTLY ASKED QUESTIONS
  34. 34. FAQ FROM ONEPAGECRM CUSTOMERS ▸ What about existing customers I have stored in my CRM ▸ If we add a prospect to OnePageCRM - are we required under GDPR to have gathered consent from that lead before we add their details in our CRM? (sign up form / verbally over the phone / at a trade show) ▸ Cold emailing B2B contacts?
  35. 35. SUMMARY ▸ LOG YOUR LEGAL BASIS ▸ GET CONSENT FOR MARKETING ▸ LOG THE DATE ▸ KEEP A REGISTER OF YOUR RATIONALISATIONS/DECISIONS ▸ LIMIT OR EXCLUDE STORING SENSITIVE DATA ▸ IF DOESN’T FEEL RIGHT, IT OFTEN ISN’T ▸ DELETE, DELETE, DELETE
  36. 36. HOW DO YOU EAT AN ELEPHANT? (OR TACKLE GDPR)
  37. 37. ONE BITE AT A TIME!
  38. 38. THANK YOU!

×