2. Create a Data Story
The GDPR enforces much stricter governance when it comes to the ways that you store and manage Personal Data. Two of the main aspects to this are understanding where the data has come from and when it is no longer needed. It is safe to say that most organisations will create Contacts within Salesforce and just leave them there to go unattended for years on end, a process that could cause serious financial damage to your organisation if you do not do something about it.
Start with the entry point of the data
You must be able to fully dictate where the data has come from and why you have it in the first place.
Here is some of the data you can use to track the origin of the data:
- If this is a website, I suggest also storing the URL that the registration was created from
- Date/Time of Creation
- Opt-in Status
- Purpose of this Record
- Are they a potential customer? Newsletter subscriber?
The Customer Journey
Now that you have acquired the data, every business will have a separate use. Some business are trying to sell you a product, some are trying to recruit you, and each will be unique. Though, no matter the type of business, you will have an internal understanding of whether or not someone is a lead, a customer, or just dark data.
Plan your exit
Identify at what point in the lifecycle that the personal data is no longer needed.
A few examples of where the data should be deleted are when:
- Their contract has ended
- They have declined to speak to you
- They are repeatedly not opening your newsletters
Warning: your Chief Marketing Officer CMO may try and convince you that the data is required for reporting, but I can guarantee you that the ICO would not agree!