GDPR: a shortened story

There’s been plenty written about GDPR yet, unless data protection legislation is your thing, you’re probably still baffled by it. To get you started, here’s the abridged version, minus the jargon.

What is GDPR?

GDPR is new data protection legislation that’s being introduced by the European Union (EU) to protect the data of EU citizens. It stands for General Data Protection Regulation, and it will affect any business that processes or holds personal data on anyone residing in the EU, regardless of where the business is based.

When does GDPR come into force?

The new law takes effect on 25th May 2018. Businesses holding data on EU citizens will be expected to be compliant by then.




What’s the point of GDPR?

Technology, and how we use it, has changed dramatically in recent years. The old EU data protection law was considered outdated and ineffective, so this is an attempt to bring it up to date. The EU is the first geographic region to tackle the issues, and others may well follow suit.

My business is not in the EU. Does it affect me?

Regardless of where your business is based, if you hold personal data on any EU citizens this will affect you. You will need to make sure your business is compliant with the new legislation. Non-compliance will leave you open to some big fines. The maximum fines are given as €20 million or up to 4% of your global revenues, whichever works out higher.

How do I become compliant?

There are two key issues that you should look at as a starting point. Firstly, the data of any EU citizens must be stored within the EU. If you hold the personal data of your customers, employees, suppliers, etc. in any systems (for example, your CRM, accounting and HR systems), you’ll need to check these are compliant with the new law.

Unfortunately, most of the big tech companies are based in the US so are less likely to be GDPR compliant. You might want to look out for those that are based in the EU and have already declared their compliance.

If you are not already using such systems to store your data, now’s the time to take action! Other requirements of GDPR can be addressed more easily if you are using a compliant CRM system.

Digital marketing consent

The other key requirement is to gain permission from your contacts before you send them any digital marketing communications. GDPR requires you to collect and record “explicit consent” to your email marketing, SMS, fax and telephone calls. Any existing customers or new leads will need to be given the option to opt in to receive your communications, not opt out! This means adding a checkbox to your web forms with an unambiguous explanation of what will happen if they do tick the box. And if you’re mailing existing contacts, you’ll need to gain their permission in advance of the deadline.

Reality check

Although this is an important piece of legislation it’s unlikely that small businesses have much to fear immediately. Essentially, GDPR is aimed at the big global companies, like Facebook and Google, that store and process large amounts of personal data.

However, it’s in your interest to be compliant if your target market includes EU citizens. If they haven’t already, your customers will soon start to look for compliance before purchasing. Getting ahead of the game at this stage will undoubtedly bring benefits.

What next?

If you now have your head around the basics of GDPR, you’re probably ready to start taking on more detail. It’s worth investigating further to make sure your business is not exposed and that you are not losing ground to your competitors.

Helen Armour

About the author…

Helen Armour is a creative marketing professional with extensive experience in both large and small businesses, B2B and B2C. CIM qualified, Helen is Marketing Manager at Really Simple Systems CRM and writes regularly on digital marketing, CRM and GDPR.
