The GDPR is coming, get ready!

7th August, 2017



In 2012 a subset of the European Commission came to the conclusion that with the advancement of technology, data protection laws needed a upgrade. When you look at the timeline, the smartphone as we know it today, wasn’t even near existence the last time there was a major change. This has become know as the General Data Protection Regulation.

As someone who has dedicated their career to customer management systems in one form or another, there are two overarching principles that get my attention. The GDPR gives power back to individual to control their data and the GDPR widens the definition of personal data.

To be honest, as a salesforce professional, this scares the living daylights out of me! Though, as a citizen, it is nice to know that there is more stringent protection coming into place. I can’t even imagine how many databases my personal information exists in, from newsletter database to vendors I met at a conference 10 years ago.

Hopefully by now you are beginning to wonder how this effects you as a business. I won’t go into to much detail in this musing but let’s look at the basics.

As a data controller, you must fully understand where personal data exists in your business and how it flows through. Whenever I bring this up, the first question that arises is… “Hold on a sec, clearly this doesn’t mean my CRM data? What about my Leads?” Upon my answering, you could hear a pin drop! All data that can be used to identify an individual is considered personal and you must have the necessary legal bases required in order to use this data. These can be pieces of information such as a name, email address, phone number or even someones IP address. This sole fact is really where the biggest impact lies, before the GDPR it was generally assumed that B2B data was not bound by the same rules as B2C.

All data that can be used to identify an individual is considered personal

It is imperative that you understand where personal data is used because you must be as transparent as possible in order to comply with the regulation. Once you have done this, you must make your customers aware of the data that you are collecting and the purpose that it serves.

Which brings me to my next point, data processing. Within the GDPR, you must have follow a set of guidelines in order to process data, one of which is through consent. Bringing this into Salesforce terms, actions like workflows, lead scoring, assignment, would all be considered forms of processing. This is generally considered any automated manipulation of personal data to provide insight or analysis.

When I first began to read about these changes, I seriously contemplated a career change! Thankfully, I quickly came to terms with the face that this is something we ALL have to deal with. Every business, large and small, that stores the data of U.K. & European citizens must comply with this regulation. Complying with these regulations will be a massive challenge, but it is one what we can accomplish together.

I am lucky enough to have been exposed to this new way of thinking a couple of years ago and am ready to help spread the knowledge. We have assembled a leading team of marketeers and Salesforce professionals to help learn and guide us through the next couple years of compliance!

About the Author

Stephan Garcia

Stephan's experience in data protection stems form early exposure to HIPPA in the medical space. Over the last 5 years, he has shifted his focus onto the Salesforce.com platform. Combining his experience of CRM and data compliance, he feels right at home when talking about the GDPR.