It’s been several weeks since the GDPR came into force on May 25th, 2018. The directive enhances EU law on data protection and privacy for citizens within the European Union and the European Economic Area. Even if your company isn’t headquartered in the EU, you may nonetheless be subject to the GDPR if you service customers who are citizens of the EU, or work with businesses that are headquartered in the UK.
Like many other global companies, Vision33 has been working towards GDPR compliance, so we thought it would be helpful to share with our readers some of the measures we’ve taken. Bear in mind that the following does not constitute legal advice; businesses are encouraged to seek legal counsel on achieving GDPR compliance. But first, for those of you who don’t already know, what exactly is the GDPR?
What is the GDPR Exactly?
The General Data Protection Regulation (GDPR) is a new directive that affects European and non-European businesses that obtain, store, manage, and process personal data of customers who are citizens of the EU. Privacy principles already govern how businesses treat personal data; this latest directive strengthens them further with the institution of hefty fines.
The fines for not meeting GDPR criteria can be quite significant, amounting to 20 million euros (23 million USD) or 4 percent of a company’s global annual turnover, whichever is higher. Additionally, as with the Canadian Anti-Spam Legislation (CASL), electronic communications, of which email is the most prominent form, will first require consent from the prospect or customer.
How Vision33 is Working Towards GDPR and How You Can Too
Vision33’s approach to our customer data privacy remains the same. We take the privacy of our customers and their data seriously and, like many other businesses, we have taken measures towards GDPR compliance and even greater data protection. Leading up to the enforcement date of May 25th earlier this year, Vision33 reviewed its processes to ensure its already progressive policies adhere to the latest standards.
Vision33’s effort towards GDPR compliance is built around several actions that readers may wish to consider.
Providing Customer Support with a Compliant Ticket System
The Vision33 TOTAL Care customer support program provides our customers with dedicated management, support and other customer enablement programs to ensure that SAP Business One users learn how to maximise their investment in transformative enterprise resource planning (ERP) solutions. The tools that Vision33 uses to log support tickets are built upon GDPR-compliant software, as is the customer relationship management (CRM) platform that Vision33 uses to communicate and manage customer data.
Managing Customer Data with a Compliant CRM Platform
Vision33’s CRM platform is GDPR-compliant, meaning that interactions with businesses follow best practices and requirements for data transparency. But just because a company uses compliant software does not necessarily mean that the company is GDPR-compliant. Compliance requires an understanding of how to use these tools and solutions. Equally important is providing employees with training to use these tools effectively.
Vision33 has created communication materials and documented processes for our employees regarding GDPR. These materials were delivered through internal meetings, ensuring our employees are knowledgeable about GDPR and its impact on their roles.
Instituting an Organisation-Wide Committee with the Objective of Meeting GDPR Compliance
Vision33 has created a GDPR privacy committee made up of key stakeholders from each department throughout Vision33 to ensure due diligence in achieving compliance with the data privacy component of the GDPR.
Greater Transparency About How We Use Customer Data
Seeking Consent from Vision33 Users to Receive Communications
Vision33 has worked diligently to ensure that its own practices are GDPR-compliant. But equally important is helping its partners and customers understand what the GDPR means for their businesses and how to build compliant processes of their own.
Providing an Opt-Out Option from Vision33 Communications
Part and parcel of asking customers for explicit consent to receiving continued electronic communications is providing them with the ability to unsubscribe at any time from any electronic communications deemed secondary to doing business with Vision33. An unsubscribe button can be found at the bottom of each Vision33 email.
Want to Learn More About the GDPR?
With these steps, businesses can be well on their path towards GDPR compliance. If you’d like to learn more about how Vision33 is working towards GDPR compliance, please watch our recent webinar hosted by Vision33’s SAP Business One ambassador and Vision33 Wednesday Web Chat host, Carl B. Lewis.