It’s only 11 months until the European Union’s General Data Protection Regulations come into force (25th May 2018).

Our webinar this week is taking a look at how you can start your planning process for GDPR.

First though, here is a rundown of our 5 most frequently asked questions. If any of this is new to you, or this is as far as your knowledge already goes, please do join us on Thursday!


What is The EU GDPR?

Standing for The General Data Protection Regulations, GDPR is the EU’s regulation of data processing for its citizens. It applies to every country holding and using data of EU members and replaces the inconsistent and out of date approaches of individual countries. It’s a binding legislative act that will replace a 20-year EU directive that first came into place when web technology was still very new. The GDPR will address security vulnerabilities that have arisen due to the digital lives we all now lead. The big aim is to enable a secure flow of data that individuals have greater control and visibility over by improving consent processes.

The GDPR applies to organisations located within the EU as well as businesses out-with, that supply goods or services to (or monitor the behaviour of) EU data subjects.  It’s important to remember that this isn’t just about you and your systems. Your suppliers will also need to play by the rules or you could still be fined.


Does it apply to my business before and after Brexit?

Come May 2018, we’re still part of the EU. So it will apply to every UK business. After that, it makes sense to comply anyway. If you are selling goods or services to EU members/citizens then you need to meet your obligations. If you’re operating only within the UK, the UK government has said it will probably follow suit.


What are the main headlines?

Storage – You need to be able to clearly define what personal data is stored, how it’s collected and how it’s used.

Processes – Businesses will have to be able to provide evidence of what type of data processing is carried out, how data is used, the flow of data throughout and out-with the organisation, access to data and protections at each step.

Consent – Consent agreements must be separate, simple and dedicated and recorded against each customer. Double opt in’s will become the standard, opt-in boxes cannot be ticked by default, and soft opt-in’s will become a thing of the past. People must understand why they are giving permission and be able to revoke it easily (even that must be recorded back to the customer file). The ‘right to be forgotten’ falls into this category too. If your existing data meets the new consent rules, it should be fine. If you’re in doubt, you should inform your databases and give them their right to be deleted.

Privacy by design – Just as it sounds; data protection should be part of the foundation of designing data systems rather than an addition.

Data Protection Roles – Depending on your business, you may be required to appoint a Data Protection Officer (DPO) under the GDPR. Public bodies are included in this as well as businesses that carry out large scale systematic monitoring of individuals (e.g. online behaviour tracking) and businesses that process large scale data relating to special categories. Regardless of whether or not you are obliged to appoint a DPO, you will need to ensure you have the staff numbers and understanding that you need to meet your GDPR obligations.


What’s the price of non-compliance?

Substantial. Technical related non-compliance e.g. impact assessments, breach notifications and certifications will attract fines up to an amount that is the GREATER of €10 million or 2% of global annual turnover (revenue). Key provision non-compliance will attract fines up to the GREATER of €20 million or 4% of global annual turnover. And that’s before we talk about reputational damage.

Data controllers within your business will be legally obliged to notify the Information Commissioner’s Office (ICO) of any data breach within 72 hours of its occurrence.  Note that if you are a public authority or you regularly monitor data on a large scale, you will need to appoint a Data Protection Officer, something worth doing regardless.


Business v CRM Responsibility

The GDPR offers an opportunity for cleaner databases, better quality lead pipelines, lower cost per acquisition, more accurate forecasting and better ongoing CRM.

Your CRM system should meet GDPR standards by implementing privacy by design and default in build processes. However, it’s a joint responsibility. Whilst Microsoft (and we, as partners) should ensure your tech is GDPR compliant with access controls and privacy functions, you must also ensure your processes and people are also compliant.  Dynamics 365 is already well prepared in its set up for GDPR so speak with your Microsoft Partner for further support and information.

Watch our essential GDPR webinar for more information.

Redspire is a Microsoft CRM solutions specialist and a Microsoft strategic Partner, which means we are qualified and trusted by Microsoft to deliver their solutions.

The General Data Protection Regulation (GDPR) is a big focus for us right now. Less than a year away, it will replace The Data Protection Act and means significant changes for how businesses handle data not least the severe fines for non-compliance. Even when the UK is out of Europe, non-conformity and data breaches can result in fines of up to €20m or 4% of your annual worldwide turnover.

There’s currently a lot of IT complexity out there. GDPR is an opportunity to streamline that technology architecture. Microsoft Dynamics 365 is already well prepared and meets those needs, it not only helps you to comply but crucially, demonstrates that compliance.

Can your Microsoft CRM Partner support your business and people journey to GDPR compliance? The rules of finding a CRM partner still apply.

A good GDPR CRM partner should be:

  • Looking at the role of data in your organisation, finding the changes GDPR will enforce, and identifying the edits and customisations to enable them.
  • Advising on role, record and field-based security for your team, reducing the risks associated with administrative rights.
  • Helping you evaluate how you answer points on consent, data purpose, and data retention.
  • Reviewing what triggers may be required throughout your system to maximise Dynamics 365’s detection and data breach reporting.
  • Pointing out the areas where Dynamics 365 will maximise the opportunity of compliance with GDPR such as turning double opt-in and lower sign up volumes into better engagement and conversion.
  • Knowledgeable in every facet of GDPR, of your current system(s) and integrations.
  • Following a process for supporting you through GDPR based on experience of your sector.
  • Prepared to continue to work with you as you get to grips with how it works in practice.

Watch our essential GDPR webinar for more information.

Holiday season is almost upon us and the travel and leisure industry is booming.

More people are seeking new experiences than ever before. And 76% of them are buying online. Not only is this great news for digital marketing, virtual experiences and efficiency, it’s a data goldmine that lets you meet your customers’ needs. From the first time they click through to your website, your customers are already imagining their holiday.


How deep is your data?

People expect personalisation.  They want to be treated as an individual and like to feel unique. They expect you to meet their needs without having to spell it out to you. For example, a returning customer will expect you to recognise them as quickly as possible. They need you to understand their preferences and choices based on previous interactions and purchases and will want recommendations and suggestions based on that.  To do that for every single one of your customers, you need to have a record of their buying behavior – data.

The ability to capture information about each and every customer and their every interaction with your business is what Microsoft Dynamics 365 refer to as a Single Customer View. The fact that Microsoft allows businesses to feed information from every department into one view on one system makes that insight far more valuable.

Suddenly, your segmentation is more meaningful, data becomes easier to manage and the nurture stage of your marketing campaigns can be so much more informed. The result is a delighted customer, rather than a satisfied one. And with most customers now spending a vast amount of their time in the social media ecosystem, you really do need to see them as part of your marketing team. People trust people and you can’t afford to leave people underwhelmed.


What makes Dynamics365 Single Customer View Different?

The term CRM doesn’t cover half of what Dynamics 365 can do. Microsoft defines it as end-to-end intelligent business applications in the cloud. It’s CRM and ERP working as a team to bring customer service, sales, marketing, field service, finance and operations together.  It creates one big management, implementation and feedback loop around the database, keeping your customers firmly at the centre of your business strategy.  That means that Microsoft’s Single Customer View really is the complete picture and that gives you real power to work more productively and communicate more effectively to deliver the personalised experience that customers want. Your business truly becomes insight driven.


Here are the big wins:



With task automation where a conversation isn’t required, and full sight of how a customer, or a group of customers interacts with other departments in the business, sales can focus on turning them into bookings.


Customer service

Full sight of a customer’s relationship with every department means customer service reps can do a better job of handling bookings, managing problems and maximising opportunities.



With a more joined up approach, customers get a more consistent approach across research, booking and the product or service. They get a better sense of your brand, which, in turn, means a greater likelihood to recommend or review on social sites.



Exceeding customer expectations is harder to achieve than it used to be. At one point it was enough to personalise an email. Now, it’s about connection and showing you know what makes them tick and going the extra mile to make their booking even more of an experience. It’s impossible without a Single Customer View and can only lead to positive customer reactions with insights from other departments.

As we become more aware of the importance of collecting data and how that can drive strategy, one thing to keep in mind is GDPR.  The General Data Protection Regulations come into force in May 2018 increasing the importance of how you store, manage and use customer data. Whilst it hugely tightens things up and may reduce your overall data count, it does mean that the data you have will be more meaningful. Whilst 83% of millennials are happy to have their habits tracked by travel brands in exchange for a more individual experience, your marketing team will need to work hard to ensure engagement so that they can keep their data on file.

If your organisation hasn’t thought about the implications of GDPR yet, you will find our upcoming webinar hugely helpful.


What now?

There are so many ways to talk to your customers, understanding how to reach them and where they spend their time is important.  Knowing everything you can about them enables product development and marketing strategies, but it also brings customer delight. In the social media ecosystem, the more opportunities to delight you have the better! It’s a guaranteed way to keep your brand alive in a sea of online results.

Does your Single Customer View do enough for your business? Download our free Complete Guide to Microsoft Dynamics 365 for more information or give us a call.