Impending EU data regulations mean businesses across the globe need to reassess how their CRM data is used in-house and, crucially, in the cloud.
If you’re part of the niche group who enjoy the odd cloud computing joke, you might cast a wry smile at a cartoon on CloudTweaks.com that depicts two angels hovering above the clouds at the pearly gates, with one declaring to the other, “It’s not boring up here, you get to look through everyone’s data!”
Light humor designed for tech aficionados, perhaps, but some say new data regulations set to be implemented across the European Union take this view of cloud computing as a reality. And with a number of changes afoot, a select group of leading global cloud vendors have even voiced concerns that the proposed regulations could “kill cloud computing” altogether.
There’s no doubt the regulations are one of the hottest topics of debate amongst industry experts at present, however the general consensus is that suggesting the death of cloud is mostly hyperbole.
For CRM practitioners either in the EU or relying on the use of European customer data, focusing on performing three key tasks related to how that data is stored and used both in the cloud and on-premise is a must, in order to be ready for the regulations becoming EU law in the coming 12 months.
Get to know your cloud provider
The new laws are specifically designed to redefine how cloud providers collect data, introducing the concept of data processors. So it’s not just the data controller (eg you) that has legal responsibility for data, but the processor (eg your cloud CRM provider).
With such a shake-up in policy, global cloud providers will need to reaffirm where their data and headquarters are located to avoid huge new fines for misuse, meaning big changes to those not currently storing data or based in the EU.
“In short, the EU DP regulation is most interested in personal data. And CRM is, by definition, personal,” says IDC analyst, Duncan Brown. “It’s extra-territorial applicability: so if you process data of EU citizens then you’re ‘in’ irrespective of where you or your data centres are based.”
So the upshot for CRM practitioners is – if you’re using a cloud provider – get to know it a little more, to ensure both you and your ‘processor’ are focused on becoming compliant with the new laws.
Ensure you have consent
Consumer consent has always been a contentious topic in data regulation and cloud computing has always blurred the lines, thanks to the argument about which regional laws data stored in the cloud should comply with.
However, the regulations are set to specify that all consent forms will have to be stored by data controllers and their processes, and must be presented to national bodies such as the Information Commissioner’s Office (ICO) when requested.
In this case, creating a storage facility is a key element of compliance, and will once again require CRM practitioners to get to grips with how this plays out across their in-house and cloud storage facilities.
There’s also a caveat to this piece, because consent over data use will no longer be a single opt-in that allows for all future use, and businesses will need to gain permission at every new juncture of using European data.
“A good illustration is that it will be like a traffic light system,” explains Jeremy Whitaker, executive chairman of Verso Group. “Consumer consent will have to be sought and provided if you want to convey information about a given subject to a customer or prospect through a given communication channel. Later you may wish to communicate about another subject in another way, and that would be like stopping at another set of traffic lights at which fresh permission must be asked in order to move forward once more.”
Give customers the option to withdraw
The final task is perhaps the easiest to understand, but still requires the same level of attention. It’s the “take down clause”: a section of the regulation that states consumers can have their data removed from businesses that hold it, upon request.
The main point here is that you may need to make an assessment about all of your data, consider refreshing your consent levels before the regulations come into play and be proactive in contact customers to readdress your use of their data.
Many experts, including Facebook’s deputy chief privacy officer, Stephen Deadman, have welcomed this move, saying it creates transparency, order and modernization of data protection laws, as well as an opportunity.
It’s this type of optimism that suggests the new laws probably won’t lead to the death of cloud computing, or indeed, cloud CRM. As with any changes in law, it is those that sense the opportunities earliest that will likely prosper most, and the same can be said for CRM practitioners. The key takeaway is – get your data compliant early, and in the process, work out what the benefits to your business will be.
