Do you want to talk to Matt? If so, call on +44 (0)344 567 8790

Don’t miss out on our latest articles, insights and events

How GDPR-led analysis should drive your CRM data migration plan

Last month I wrote a piece using the analogy of a house move for your organisation’s data migration. Whilst describing the expected migration stages it was admittedly a little light on GDPR factors.

At Hart Square, we continue to see great progress and much ongoing work on GDPR compliance. This is especially true where a project migration becomes another catalyst for increased compliance actions.

We find our discussions about “urgent GDPR action” have normalised into newer discussions on data strategy and governance: how best to plan and do the ongoing data “chores”.

Returning to the house analogy – as it has some depth – what happens when:

  • You sit down to sort through all those data drawers as part of a house move and realise there’s more sorting to be done than you thought,
  • You find several items stacked on shelves still reading: “why have you kept me?!”

The good news is that you can and must use all activity conducted before and after 25th May 2018 to double down on your GDPR efforts during a migration – it is the perfect time to take further action.

Quick tips for blending GDPR and migration approaches for best outcomes:

  1. Source data analysis/GDPR compliance checks
    • When identifying and analysing data for migration, you naturally go back to GDPR principles:
      • What have we got and where is it?
      • Upon what lawful bases do we hold it?
      • How well is it protected and what are its retention rules?
  2. Decision making
    • GDPR-led analysis is a perfect path to the right decisions about what to migrate or not.
    • Responsible proactivity like: “we do not run that function any more so let’s not keep the data”, or “we must migrate that data. We hold it under legitimate interests”.
  3. Exclusion/Inclusion rules
    • To help with the classic dilemma – “how far back should we keep?”
    • A clear set of GDPR retention rules sets certain migration rules for you, e.g. “seven years data back for contacts’ order records as we must retain an audit trail for HMRC”.
  4. Risk management
    • These processes help with the reality if certain data sets are being retained or processed in a way that presents risk to your organisation and data subjects.
    • You may simply enforce a GDPR recommendation previously made yet not fully actioned.
  5. Data Protection Impact Assessment (DPIAs)
    • It is ICO guidance and music to Hart Square ears to hear clients are conducting DPIAs for all new projects now where personal data will be affected.
    • And remember, a migration itself can be subject to its own discrete DPIA.
  6. Consent opt ins, preferences
    • Lest we miss the startlingly obvious: your migration must assure how preference centre management continues GDPR compliance in the new system and how preference data is accordingly mapped, loaded, then managed day to day.
  7. Marketing tools
    • A lot of implementation projects we see “put in” a replacement marketing tool.
    • Become the expert on how your preference data securely flows to and from all new systems
    • Know the exact points where someone may update their preferences with you

Remember – data still exists even if held in archive so do consider what constitutes data deletion, or anonymisation where deletion is not an option in migrating your data.

There is a huge payoff here regarding investment value if you focus on aligning all decision makers on the true value of the data to your organisation and your data subjects.

You can achieve both goals: abide with ICO GDPR principles, and hold highly valuable data.

One last dig for victory into the analogy then:

Doing this work well, you should reach a point in your project where you pejoratively slam the doors shut on the data van and say, as you see it sweeping off to your new home.

“I’m glad we spent the time on that. We only packed what we really need in the new place!”

 

Successful implementation

To learn more about system implementation management, join our training programme “How to deliver successful projects“. The whole course is invaluable and module 5 focusses on “Delivering a Successful System Implementation” including Data Migration