Customer data protection in the CRM area

Today, high-performance databases and systems permit fast, targeted implementation of measures to reach customers through a wide range of communication channels. Business processes relating to the existing Customer Relationship Management (CRM) system, now often implemented through cloud computing, thus pose a special risk in terms of data protection law. Customers often have negative associations with terms such as address trading, scoring and advertising emails in connection with companies’ marketing activities.

With the new framework conditions of the German Federal Data protection Law and the Law Against Unfair Competition, legislators are increasingly building on information obligations and other transparency requirements. Whether as the operator of your own CRM database, as a manufacturer of corresponding software or in your capacity as a CRM solutions provider, be sure to present your customers with a legally permissible and sustainable public image.

Here we can help you perform on the market in a legally compliant manner that does not damage your image. We offer practicable measures to support your projects in the CRM area, while contributing our wide range of expertise to add value to your business activities.

Do your CRM activities also involve other companies or branches, possibly even on an international level? Do you have a uniform marketing strategy? With our modern data protection management system, we offer practicable solutions for your worldwide profile from a single source.

Transition period for customer data protection in the CRM area has ended August 31, 2012 for German legal entities

August 31, 2012 marked the end of the three-year transition period for setting up customer databases according to the requirements of the amended version of the BDSG [German Federal Data Protection Act] from 2009.

Above all, two aspects are particularly relevant for companies of all sizes:

  • First of all, the legal reform affects the fundamental authorization to store customer data. Since September 1, 2012 companies must be able to prove the origin of the data for all customer databases – even for data collected before 2009. In the event of an official or legal audit, they must show documentation for each of the relevant business transactions, or corresponding declarations of consent for storing the data.
  • Furthermore, the BDSG amendment also affects how data is handled, particularly the ways in which advertising is communicated to customers – whether by mail, email, fax or phone. In the future, separate, explicit and in some cases very specific agreements will be required from customers according to how they will be contacted. It is thus clear that the law will involve higher technical standards for CRM systems in the future as well, since the systems will need to include the declarations of consent.

Since the end of the transition period on August 31, 2012, corresponding violations of the legal provisions do not only require the data to be deleted, but continue to incur fines. Theoretically – in the event of particularly serious commercial violations – they can even lead to an operational shutdown by the supervisory authorities.

The risk of an audit by the supervisory authorities should thus not be underestimated. This risk increases in relation to the size of the company. Above all, however, there is a risk that customers whose data was improperly stored and/or who did not give their consent could complain to the supervisory authorities, who would then be obligated to follow up on the complaint.

We will gladly coordinate and introduce measures to create a “clean” customer database in compliance with the legal provisions, so that you can be prepared for all eventualities. This will help keep your marketing activities legally compliant in the future and help you maintain valuable customer contacts. Please contact us to request an offer tailored to your needs or to obtain further information.