What Customer Success Managers Need to Know About the GDPR

We’ve been talking about it for a while, but here we are. The GDPR officially comes into effect on May 25th, and for SaaS companies, it’s time to finalize their compliance efforts.

The EU General Data Protection Regulation (GDPR) is said to be the most important change in data privacy regulation to date. The GDPR’s primary goal is to protect and empower all European Union citizens’ data privacy.

Remember, the GDPR applies to organizations located within the EU, but it also affects organizations located outside of the EU if they have EU customers and monitor the behavior of EU subjects.

For Customer Success organizations, the GDPR translates into an obligation to closely monitor where customer data is stored and how it’s used.

Fines for non-compliance can go up to 4% of annual global revenue or 20 million euros, whichever is higher.

Because the main goal of the GDPR is to give subjects control over how their data is collected and used, companies will need to get affirmative consent, and justify their actions when using personal data.

The first step should be to assess where you keep critical information, which apps are using that data, and where your database is geographically located. Once your data security audit is done, you will need to set up your systems to make sure you are protecting the data that customers entrust you to manage.

Here are some steps you should take:

  • Make your opt-in explicit as opposed to implied. You should get explicit consent to collect and retain personal data.
  • Make data erasable. The right-to-be-forgotten clause specifies that the customer can request removal of all personal data from a database.
  • Make the data you collect easily downloadable. Customers have control over portability, which means they should be able to obtain a full record of their data which is readable and exportable.
  • Make your privacy policy crystal clear. If your current privacy policy is filled with misleading legal jargon, be sure to clarify it. Ensure you’re covering all of your bases by discussing any uses of personal data.