Governments around the world are tightening the laws on data protection and breach notification, affecting millions of businesses across the globe. Europe has already tightened its data privacy laws with the General Data Protection Regulation (GDPR), which gives individuals more rights and protections. Now it’s Canada’s turn to beef up its data privacy laws.
Starting November 1st, organizations across Canada will be subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), which will require companies to give consumers and individuals notice of privacy breaches. Companies and organizations may also be liable and could face fines from $100,000 to $500,000 if they are found negligent.
Businesses must ensure customer information is in safe hands, and should set up a system for reporting data breaches to privacy agencies and all persons involved as quickly as possible.
Complying with Data Protection Laws
CRMs generally conform to data protection laws by helping customers make informed decisions along the ‘buyer’s journey’. With the new law coming into force, businesses that use them are much better off than those that don’t. This is because CRMs have features and functionalities that protect both business owners and customers from improper use of customer data.
Consider some of the GDPR-compliant features and functionalities of Small Business Dream CRM:
- “Double opt-in” email confirmation – your email subscribers will not be added to your mailing list until they confirm by email, explicitly stating their interest in receiving more information from you. This step is crucial because the confirmation can be used as proof that they’ve agreed to your terms.
- “Opting out” from your mailing list – subscribers can unsubscribe at any time by clicking “Unsubscribe to this email” at the end of every email. This fits data protection laws that require users to be able to opt out of your mailing list easily. Sending marketing emails to your subscribers without an “unsubscribe” link exposes your business to the risk of non-compliance with the GDPR.
- Deleting contacts – this option will come in handy if you have prospects and customers who want information about them completely wiped from your system – again, in compliance with data protection laws on your customers’ right to be “forgotten.” However, it is good practice to keep an offline CSV file of all your customers’ data, as in the case of a data breach you might have to take drastic measures to prevent further attacks.
Business owners who use a CRM will have a better chance of being on the right side of the law than if they were to do things haphazardly on their own. Note: this is not legal or financial advice and is written only for educational purposes. Whenever possible, seek competent legal advice about data protection or have Small Business Dream help you with it.
Collecting and Storing Customer Information
As much as possible, you should avoid storing sensitive information that could cause harm to the customer, especially details about financial status or health conditions, except in businesses such as real estate, medical services, or financial planning, where they are considered essential. In this case, we need to secure information about our customers by all means.
At the very least, we only want the bare minimum, such as names and contact information, from the get-go. But as we get to know our potential clients and customers, we can collect more information about them through surveys, e.g., specific interests, hobbies, preferences, and other details that don’t reveal sensitive information. Ultimately, we want to make sure our CRM is impervious to cyber attacks and allows us to respond to a data breach quickly and with relative ease.
Keeping Your Data Safe
Before signing up for any CRM service, you should ask your account representative where they store their data. You should avoid companies that have data centres in countries that don’t have a good record of privacy or security. Small Business Dream uses servers in Australia, Japan and the United States – three countries that take privacy and security very seriously.
Most CRMs have SSL certificates to prevent unauthorized access to your customer database. Small Business Dream CRM uses a secure connection for accessing CRM accounts. It also makes it possible to remotely access the CRM in case of theft or loss, giving users a window to pre-empt a data breach and quickly notify customers about it. In any case, don’t hesitate to let Small Business Dream help you out by availing yourself of one of our mentoring and customization packages, designed to provide you with the best and most secure user experience.
In closing, a CRM can be of great help to business owners in staying a step ahead, not only in the competitive world of business, but also in keeping the business within the safe bounds of data protection laws. Compliance is no longer just an option – having a CRM for your business is more of a necessity, if not the only logical choice.
Learn more on how you can successfully build your business through sales and marketing automation. Visit SmallBizDream.com and start using our suite of tools to increase your sales and profitability like never before.