Skip to content

Let the GDPR requirements guide you in managing user data properly

If your company isn’t using a customer relationship management (CRM) system properly – or isn’t using a CRM at all, it’s possible you are collecting and managing user data in ways that expose you to risk. When it comes to data privacy, those risks can now mean steep fines if you fall under the General Data Protection Regulation (GDPR). The GDPR becomes European Union law on May 25, 2018. And while the GDPR requirements haven’t hit the U.S. yet, any company that markets to potential or current customers in the EU needs to comply. So now is a great time to take a closer look at how you collect and store user data to prepare for the changes ahead.

Consider the chaos that is created from a disjointed system when a CRM isn’t being used:

  1. Kelly gets an email from a form on the corporate website with a new customer inquiry. She sends the data to Chris.
  2. Chris adds the customer to his master list of prospects in Google docs.
  3. Sarah checks the Google doc each week and adds the new names to her Excel doc.
  4. Sarah then has Kevin upload the Excel doc into the company’s email marketing tool.

Let’s stop there. Not only has the process burned a lot of people’s time, but this kind of workflow has user data sitting in four separate systems. Poor data management increases the margin of error, making it easy for data to get lost, missed or duplicated.

Flipping back to the GDPR requirements, according to Article 17, you must have the ability to respond to a user’s request to be removed from your systems. The GDPR refers to this requirement as “erasure” or “the right to be forgotten.” In our scenario, three different people need to be involved to delete a user – creating a lot of room for error and a lot of inefficiency.
This is where a CRM can help. When all your user data is in a CRM, it’s a much easier task. Find the user. Delete the user. Inform the user that the erasure is complete.

That’s the power of a CRM at work. CRMs are a great tool to ensure your company is being a good steward of data – and following the GDPR requirements. At the heart of it, the key benefit is having all customer data in one location, because it standardizes the process of storing and managing the data. Without a CRM, it becomes difficult (and risky) to assure user data has been removed. Especially if you are audited later.

To make things more complicated, Article 17 of the GDPR also mentions that the time for you to complete this erasure should be “without undue delay.” In most cases, this period is one month from the time of the request, but there are a few exceptions. Regardless of the specific circumstances, the clock’s ticking.

Beyond this example, there are many more reasons to get your data in a CRM. A CRM can help you develop sophisticated, event-driven content marketing and lead generation programs. This functionality enables you to send the right messages to the right prospect at the right time – and achieve stronger marketing results.

Complying with a regulation while improving your marketing outreach is not always a package deal. But making the move to a CRM could drive both goals forward and make you a better digital marketer in the process.

For more information on GDPR requirements and effective data management, check out Part 1 of this series: “Catalyst for GDPR Compliance: The Lead Generation Form.”


471 JPL Wick Drive
Harrisburg, PA 17111


1411 Broadway
New York, NY 10018


One Roberts Avenue
Glenside, PA 19038