New guide: Thriving in tough times
A leaders guide to successful business growth

How GDPR affects your customer data

Illustration of data with a lock

Long gone are the days when companies could outbid each other on TV and radio advertising, waiting for customers to line up at the door.

Today, the entire buying process can easily take place digitally and online.

And with it, the digital world brings its own rules, which we all need to be aware of.

Sure, you might think that visiting your favorite online shoe store is an innocent activity, but it soon turns into a hunt for businesses to capture your hard-earned cash!

That’s right.

Your favorite company is tracking your every movements – digitally speaking, of course.

And every time you visit a website, you leave a digital footprint.

Things like your IP address, geographical location, gender, income, interests, and the websites you visit are all collected and analyzed to create a digital profile on you.

Based on this information, any business can tell if you’re looking for black high-heeled pumps or a new pair of running shoes.

Of course, this is not as creepy as it sounds. The truth is that it’s being done with very best intentions and to provide you with a more personalized customer experience.

Digital customer profiling: good or bad?

From a company’s perspective, creating digital profiles makes a lot of sense as your customers are willing to pay more for a better experience (leading to higher profits per customer).

Cloud technologies, such as website tracking, automation, personalization and Big Data – all make this possible.

Using browser history, status updates on social media, articles read and products bought online, these new technologies create profiles about a person or groups of people, which can then be used to predict online behavior and future sales purchase opportunities.

And almost everybody does that!

Companies like Facebook and Google collect massive amounts of data in order to offer more personalized ad campaigns. Transportation industries collect data in order to offer personalized transportation proposals. Credit card companies use the data to come up with the right credit score on you.

This new way of doing business has created a huge market for personal data – one that is worth hundreds of billions of dollars!

In fact, the more specific the personal data is, the more a company is willing to pay for it!

But, does tracking their digital behavior really benefit the customer?

An individual’s right to privacy

For the most part, the collection of customer data happens in the background and your customers are usually none-the-wiser for it. You’ve probably experienced it for yourself: you visit a website, look around, leave, and then you start to see the same product follow you around the web in the form of online ads.

But, this way of advertising is in direct conflict with the European Union’s belief in that every person has the right to privacy, that every individual is free and independent, and should be in charge of his or her own actions and decisions without outside influence.

Under the current EU regulations, this is not the case.

So, to protect the individual rights to privacy, the EU is rolling out the General Data Protection Regulation (GDPR).

Coming into effect on May 25th, 2018, the GDPR will provide EU citizens with more control over their personal data and affect all organizations that do business with European customers.

And even though, a lot of attention around GDPR has been focused on the negative impact and the steep costs associated with non-compliance (fines of up to 4% of annual turnover or €20 million), the new EU regulation is a positive step that can help businesses evolve.

Here is why…

GDPR is an opportunity, not an obstacle

Let’s set the record straight – there’s nothing wrong with collecting personal data as long as the individual’s privacy rights are upheld and he or she has given their consent.

In fact, the change that GDPR brings is a great opportunity for companies to build even better relationships with their customers, as the new law redefines marketing, sales and customer service activities.

For example,

  • Under GDPR, sales reps cannot cold email hundreds of potential customers without their consent. This means that sales people will be spending more time with engaged prospects, which naturally leads to higher conversion rates.
  • Under GDPR, marketers can no longer send an email campaign to people who have opted out to receive marketing messages. This means marketers would only contact those who really want to hear from them, which will result in better email marketing response rates.
  • Under GDPR, customer support teams can provide a superior service as customer data becomes more connected into a single and secure platform, making all purchase history and previous correspondence readily available.

GDPR is not about restrictions or fines, but rather about privacy, security, transparency and ultimately, trust. And believe it or not, these elements are an important part of whether or not a consumer or a business customer will choose a certain company.

How does GDPR affect customer data?

According to a survey conducted by the GDMA and Winterberry Group, 92% of B2B and B2C companies use databases to store personal data on prospects and customers.

Most companies collect data on their customers, such as name, address, business email, postal code, interests, purchased products, and usage patterns. They may even collect data that is considered as unique identifiers (passport, ID, pictures, social security number, etc.) or sensitive information (health, political beliefs, race, legal history, and similar).

The purpose behind collecting personal data is quite noble: companies simply want to offer complementing products to their customers, send them relevant email marketing campaigns and provide good customer service.

Together with automation and data analysis, businesses use the customer information they’ve collected to create personalized recommendations for their customers.

All this is indeed great for business, but in light of GDPR, you, as a company, have to ask yourself a few questions, such as:

  • Where do you keep the customer information that you collect today?
  • Do you keep customer data on spreadsheets or in email systems spread across different devices?
  • Do several people in your company have copies of customer information on their hard drives?

But that’s not all!

GDPR also forces you to pose additional questions, such as:

  • Has the customer given his/her consent for you to store their data and can you document it?
  • Is it really relevant or necessary for you to have this data on a customer?
  • Can you explain why this data is collected and used?

Answering all of these questions won’t be easy, and you will need to make significant changes to your business processes for how you collect and store customer data.

It all starts from the moment you collect data.

Under GDPR, you will need to prove that all the information you collect is for a legitimate reason. So, if you ask a prospect to share their pet’s name, then there has to be a reason, or a legal basis, for storing this in your database.

As for storing data, you will not be allowed to store customer data across multiple devices and programs, unless the data is stored securely.

Taking this one step further, these new changes will impact your sales, marketing and service processes.

For example;

  • Each time your sales rep collects a business card, the contact’s email address is usually added to your marketing list. How do you plan to nurture top of the funnel leads?
  • If a subscriber opts out of your mailing list, you need to make sure that they do not receive any campaigns from you in the future, unless they opt back in. Is this process automated?
  • If a prospect wants their data to be deleted from your database, your customer service teams will most often be the first point of contact. Are they trained to handle these types of requests?

How will you handle these processes by the May 25th deadline?

GDPR and your CRM system

By May 2018, all companies not only need to have answers to the above questions and know how to handle each of the 8 privacy rights outlined in GDPR, but they will also need to have a comprehensive system in place where they can store consents, partner agreements, privacy agreements, and customer data.

The personal customer data that you collect and store should be protected during the entire interaction cycle: from being a prospect to becoming a customer, to ending relationships with a company.

Can your existing CRM system support you with all this?

Since we are talking about customer data and CRM, we believe that the best place to keep all of this information is in a GDPR compliant CRM system.

A GDPR compliant CRM system can help you;

  • Manage all your customer relationships, from sales to marketing, to customer service
  • Have a centralized master database for storing consents
  • Categorize and control the management of your customers’ private data
  • Administer a full lifecycle of private data – from registering consent to erasing all information
  • Use a built-in incident management in case of a data breach • Control and ensure transparency of the private data you store
  • Enjoy safe data storage in line with key GDPR requirements and ISO 27001 standards

SuperOffice is fully committed to GDPR, and takes it very seriously. Today our CRM system is already equipped with functionality that allows you to meet key GDPR requirements, provided you have configured the solution correctly.

We have already introduced GDPR-specific features that support the new requirements, such as consent management, subscription management, incident management, and bulk update and will soon be launching new features that cover all 8 privacy rights in GDPR.


Personal data is the world’s most valuable digital resource.

Before GDPR, individuals had little if any control over their personal data and the way it was used. But now, the new regulation brings about a refreshing change that will give the power back to the individual.

With GDPR, businesses will be required to be upfront and honest, and drop all hidden agendas.

Even though you may think that GDPR creates a lot of noise, hassle and even problems, this is only true if you don’t take it seriously, as a business. If you do, GDPR, in fact, creates a whole new world of opportunities for your company.

If your business truly values an individual’s privacy and if you’re transparent about how you use your customers’ data, then you’re well on the way to building deeper trust and creating a loyal following form the people that keep you in business – your customers.

Are you getting ready for GDPR?

To help you get started on your journey towards GDPR compliance, we’ve created a free easy-to-use personal data checklist, which you can use to map out all of your customer data and document the reasons for why you to collect and store it.

Disclaimer: The content in this article is not to be considered legal advice and should be used for information purposes only.

Want more original content in your inbox?

Sign up to our newsletter to learn the secrets we have learned helping growing companies turn relationships into revenue.