Helping your business comply with GDPR

May 25, 2018

Beginning May 25, 2018, the General Data Protection Regulations (GDPR) will govern the use of individuals’ personal data in the European Union.

The GDPR applies to all organizations based in the EU and any organization which processes personal data of an EU citizen. The GDPR sets out the standards to be reached by those who decide how to use personal data, and those who do processing on their behalf. It gives individuals broader rights in relation to their data than ever before. Organizations, wherever they are located, need to be in compliance with the GDPR – not only does it set out guidelines on managing individuals’ information, but those who are not in compliance risk adverse publicity and fines.


gray block that reads GDPR compliance and subtext that reads how CRM systems can help businesses to comply with the general data protection regulations and the orange act! CRM logo

How CRM systems can help businesses to comply with the GDPR

If you are already using a CRM system – or considering it – you will likely be aware that it can be an extremely valuable tool to help with GDPR compliance if correctly adopted and used within your business.


GDPR stands for General Data Protection Regulation, which is the privacy regulation in force across the European Union (EU) beginning May 25, 2018. The GDPR lays down new principles – and reinforces existing ones – for the protection of personal data of EU citizens. EU organizations and those which process personal data of EU citizens will have to comply with the GDPR.

The GDPR is effective starting May 25, 2018. In most of the EU it replaces the previous legislation which was put in place at the end of the 1990s.

The GDPR is applicable to any company, non-profit, government agency or other organzation that is either based in the EU or processes the personal information of EU citizens. This means that GDPR knows no geographical bounds and even though it’s enforced by EU based institutions, companies from all over the world are affected.

Brexit – the UK leaving the EU – is set to happen on March 29, 2019 which is around 10 months after GDPR comes into force. This means that UK companies can’t rely on Brexit saving them from the need to be GDPR-compliant. Moreover, in 2018 the relevant UK government agencies indicated they expect to maintain privacy laws at least as strong as GDPR.

GDPR affects all businesses that deal with the data of EU citizens, regardless of the number of employees or turnover of the organization. Small businesses will have to comply with new regulations – for example regarding the manner in which individuals can consent to their data being processed, their right to have their data erased, data portability, data governance responsibilities and notification requirements if data breaches occur. Small businesses in the EU should take guidance from the relevant regulatory agency (for example the Information Commissioner in the UK, CNIL in France) and appropriately experienced legal adviser.

GDPR requires that organizations handle personal data in certain ways. Organizations which have implemented a CRM system can harness it to enable (and require) users to handle that data in compliance with the GDPR. Our detailed guide which you can find here explains how.

There are a number of ways in which GDPR will impact marketers, but perhaps the most important is that the regulation reinforces the need for marketers to use people’s information only if they have a lawful basis to do so. While most marketers will have heard about having consent, there are five other bases on which an organization can rely to process personal data. Of these, there are three which are most relevant to small businesses: to perform or enter into a contract, to fulfill a legal obligation, or where it is in the legitimate interests of the small business, unless there is a good reason to protect the individual’s interests which is more important than the legitimate interests of the business.

Act!’s commitment to Data Protection

Swiftpage is committed to to protecting customer data and ensuring GDPR compliance. We started our preparations 2017 and, as with all applicable law, we comply with GDPR. We will continually review our measures and update them as necessary.

For questions on how your data is handled by Swiftpage, please contact us.

For information about how we collect, store and use personal information please see our privacy notice.

For a detailed guide on how Act! can help with GDPR compliance please download our ebook, available here.