I’m not being funny, it’s your data

8 Jul 2019

I am occasionally surprised when we are asked by a customer what they should be doing with their data. Specifically in terms of data retention and data processing. This question always stuns me because it hints at a larger perception of where a company’s CRM data strategy should originate. 

Now you’re welcome to disagree with me, but here’s my opinion on the matter: 

It’s your data. Therefore, it’s your CRM data strategy. 

And that’s our company policy. 

It’s the reason we ask so many questions when someone comes along asking how our CRM can help their company.  

We want to know your plans for your data, so we can help you fulfil them. That’s our job. 

Open CRM is the tool to help you put your plan into practice 

But you’ve got to have a plan in the first place! 

There are lots of legal reasons why we do this, but it all boils down to this one idea. It’s your data and we as a company shouldn’t be affecting it. 

I’m going to explore some of the actual CRM features you can use to implement your data strategy a little further down the page. But first, I’d like to mark an important milestone in data protection and security

GDPR “went live” more than a year ago…has anything changed? 

The first anniversary of the implementation of the General Data Protection Regulation (GDPR) passed a few months ago.  

To be perfectly honest, although last year was hectic for us around the launch, this first anniversary passed with very little comment or fanfare. 

I think there were a lot of people and companies who panicked last Spring—they’d never dedicated a huge amount of thought to their data protection strategy and suddenly it was all over the news. 

There were consultants all over the shop, promising to make businesses GDPR compliant overnight by writing data strategies and “fixing” your CRM for “minimal costs”. What a load of…well, let’s just say a lot of them were misguided.

But here’s the thing that really gets me. A lot of businesses spent a lot of time and money to get their data policy sorted…and then I believe a lot of them forgot about it. 

Your data strategy should evolve and change as your business does 

Let’s say that you’ve already got a strategy for how you hold the data that is in CRM (and other systems)…even if you don’t yet, you should…and let’s assume everything is running smoothly.  

Then you decide to make a small change to your processes, a different department is getting involved or you’re changing how many departments are involved as a way to streamline things. As you’re drafting these changes, one of the questions you should be asking yourself is: what data is involved in this? 

If any personal data is being processed in any way, you simply have to go back and think about how your overall strategy is being affected. 

The effect might be tiny, a simple documentation change to say who has access to what. Or it could be huge, you might be bringing new systems or individuals in, meaning you need to get people trained or systems configured to match your existing strategy. 

You might even have to re-work some of your data policy to fit this new process. 

I’m not trying to scaremonger, I just think that as the news dies down around GDPR, it has been easy for people and businesses to lose sight of these policies and strategies. 

And then we get asked “well, what should I be doing with my data?”…which we can’t answer. 

As I outline above: the data is yours, we’re here to help you implement your CRM data strategy, but decisions have to be made by your own executive team, the people and principals who have the legal responsibility to manage your business.

So how do we help with implementation? 

Enough of my soapbox rant. You get the idea. So now let me be more constructive. 

We have a load of features and tools that you can use to implement your existing CRM data strategy. 

Access Control and Permissions 

First and foremost, we give you the tools to decide what different areas of the system your users can access and interact with. This can be based on their roles and/or which team or department they are in. You can read our FAQ about it here

You can also set a password policy, decide how many times a user can attempt to login, and black or white list IP addresses to control WHERE people can login from. Can you also read more about our other user access controls here.

Plus, our support team will not unlock your users’ accounts for you. So if you’ve locked them out for some reason, they can’t just request a reset. You have to authorise it. 

Data Retention and Right to be Forgotten 

One of the central areas people focused on when GDPR was introduced was the importance around how long a business was hanging on to personal data that they no longer needed. 

There are lots of interpretations of this, but instead of wading into that debate, we created a new way for managing your existing data retention policies and how you wanted to process right to be forgotten requests. 

Like I keep saying, it’s your data and it should be your strategy. We just give you a CRM system full of the tools you need to manage it. 

Managing your Marketing 

The other big discussion point when it came to GDPR was the “opt in” requirements for emailing someone. 

Again, there’s a lot of debate about this. And once again, we’re keeping our noses out of it. 

But what we did do was upgrade our mailing list manager so you can implement your own plans for active subscription management


And finally, you can get a full audit of the modifications on the various records in Open CRM so you can see who has done what to your data.