What Customer Success Managers Need To Know About The GDPR

Customer satisfaction is vital to a business’s success. If you work as a customer success manager, your main task is to ensure that those who trust your business get what they expect from it. In this case, we aren’t just talking about good customer service and a quality product. 

We are talking about people’s rights to privacy and their security. 

A business has to do its best to ensure the privacy and security of customers as per the regulations where it operates. That’s what the GDPR was made for – to share compliance guidelines and rules that protect customers.

This is, to date, the most important change in the regulation of data privacy. If you want to be a good customer success manager operating in the EU market or catering to customers that live there, the GDPR is something that you should be highly informed of.

What Does ‘GDPR’ Refer To?

The GDPR is the General Data Protection Regulation framework as set by the European Union. This framework applies to all EU-based organizations, but also organizations that have EU customers even if they aren’t based within the Union.

This framework was created to closely monitor customer data storing and usage, and ensure that people’s right to privacy is not harmed.

As a success manager, your task is to know these regulations and follow them. This is important not for better decision-making, but also to avoid immense penalty fines and criminal charges.

The Best Way To Comply With The GDPR

Before we start exploring the GDPR massive law, let us give you some actionable data. It can be really hard to keep track and follow all the rules and guidelines in this lengthy framework. If you want to eliminate the possibility of getting fines and penalties or disappointing your customers, you can always use a tool like Osano to help you comply with the GDPR. 

As a matter of fact, you should start by reading Osano’s thorough guide to the GDPR to learn more about the risks of non-compliance and the current regulations as set by this law. Osano helps users manage their privacy programs within minutes. It checks your site and turns it from liability to a site that handles privacy the right way.

Some General Information About The GDPR

Now that you know of its importance and a way to comply with it, it’s time to learn a bit about the GDPR. We’ll start at the very beginning. 

At a time when the entire world is working hard to protect users’ privacy, especially on the Internet, Europe has not stayed behind. From the perspective of EU citizens, the aim of this goal is “to make it easier to understand how their data will be used before collection, and to be able to raise a complaint no matter where in the world that data is held”. 

Some of the regulations in the GDPR date back 70 years and can be found in the work of the European Convention of Human Rights of 1950. However, before this detailed and massive EU data protection law was set in stone, data privacy was regulated by the EU Data Protection Directive and was far less stringent compared to now. 

In 2012, Europe realized that the work of the Directive wasn’t enough anymore since websites were more numerous and more visited than ever. User data was all over them, and the existing privacy laws were far from enough to keep people safe. 

This is when they decided to start drafting the current regulation and create a fierce form of privacy legal enforcement. 

This law was completed and technically adopted in 2016. However, organizations were given a grace period of 2 years to learn about the new policies and make sure that they comply with them. Two years later, the law officially went into effect in May of 2018.

Why You Need To Know About The GDPR

Though this law is EU-based, it doesn’t just apply to businesses that operate within the borders of the European Union. This is what we call an extraterritorial reach. So, even if you aren’t based in the EU, you must comply with these regulations if you have customers in it. Even if you have a single EU customer, you need to follow these laws and not break them.

The GDPR has already required states in the Union to pass national laws that map to its provisions. This brought a new era in the world of privacy protections.

The regulations in the GDPR are enforced by the member states of the Union. The DPAs that enforce them have no relation to the government i.e. are independent of it. They provide data protection advice, investigate complaints, handle issues, and determine when businesses have breached the GDPR.

In the case where the DPAs determines that a business has breached the GDPR, they have the power to set a fine. These independent public authorities work together and form the European Data Protection Board (EDPB), led by the EDP Supervisor.

What Happens If You Violate The GDPR?

Noncompliance with this law can be very costly. Organizations and businesses that are caught violating this law can be fined up to 4% of the annual global revenue of 20 million euros. 

We can all agree that the penalties are big.

Over the years, DPAs have made some serious sanctions against companies that didn’t comply with the law and harmed people’s right to privacy. One of the bigger fines includes the $267 million fine against WhatsApp that was given in September of 2021.

According to the DPAs, Whatsapp failed to tell its users what it will do with their data, which led to this immense fine and the request to be more transparent in the future. CNBC’s article on the topic will tell you all about this penalty.

In July of 2021, Google got itself one of the biggest fines the GDPR has resulted in – $50 million.

Small discrepancies with the regulations won’t result in such tremendous fines, of course, but this goes to show that the GDPR is not something to take lightly if you have EU customers. 

That being said, let’s take a close look at some of the most important concepts and rules as set by this law.

Concepts And Terms That All Customer Success Managers Should Understand

Generally speaking, the GDPR includes the following:

• Detailed definitions for ‘sensitive’ and ‘personal’ data
• Accountability measures for organizations with EU customers
• Data protection for technology and operations by design principles
• Expanded privacy data subject rights (including the right to object to automated processing of data, and the right to be forgotten)
• Provisions in case of data breach

Even though these regulations can change, the GDPR has a very strong mission that stays intact. The mission of this framework is to mandate that all organizations will collect, process, store or sell data under lawful bases. 

These lawful bases are:

• The subject gives consent to the organization to process the data
• The processing of data is necessary to enter into a contract with the subject
• Organizations must comply with the legal obligation
• Data processing is necessary to carry out a task of public interest
• Data processing is necessary to protect the interests of someone including the subject
• Organizations use the data in a way that the subject expects based on the products or services offered

Based on this, the data subjects or your customers have privacy rights that you have to respect and responsibly comply with. They have the right to be informed when you collect or use their personal data. Customers also have the right to access their personal data and the information on how it’s processed. 

Furthermore, EU customers have the right to rectify incomplete or inaccurate personal data, erase it, or restrict its processing.

Lastly, data subjects can object in terms of how their data is used based on the GDPR.

Steps To Take To Comply With The GDPR Law

Finally, we’d like to share with you some steps that you can take to comply with the regulations more efficiently:

• Make sure that data is erasable. Customers need to be able to erase their personal data from your database if they want to. This is their ‘right to be forgotten. 
• Don’t just imply the opt-in. People should give you explicit consent to use their personal data and store it. Don’t just imply it – make it explicit.
• Create a detailed, crystal clear privacy policy. Your task is to continuously review and revise your privacy policy to meet the latest regulations as set by the GDPR and similar laws applicable to your organization.
• Make subject data easily accessible. Your customers must have control over portability and be able to get a full record of their data on request.

Does Your Organization Meet The GDPR?

Do you cater to customers based in the EU? If your answer is yes, it is your job as a customer success manager to comply with the GDPR. If you haven’t done so already, start working on it now to avoid customer complaints and high fines.