Why meeting GDPR will all come down to your CRM

I’m in a fortunate position to say that we’ve managed to make good progress with our GDPR planning at Time4Advice. We took a decision to bring in external expertise from Brookland Computers Services. They’ve done a great job in helping us understand where we were deficient and what we needed to do, using a detailed gap analysis and action plan.  

But the thing that this process has reaffirmed for me, is just how crucially important it is that a CRM and back office is built around a singular dataset, hosted in one place. Meeting GDPR requirements today is only half of the battle, it also needs to be done cost effectively and reliably going forward. 

When Time4Advice built our CRM and back office system, CURO, we placed data integrity at the centre of our design, so that it can be viewed, accessed and modified from a single viewpoint. As any technology firm will tell you, your outcomes are only as good as your data input. Multiple data sets with little or no synchronisation will inevitably lead to a decline in its reliability and accuracy. Furthermore, without the ability to modify your data in one place, the administration to ensure it’s maintained in line with GDPR becomes a burdensome, if not impossible, administrative task. Think of all the data stored in your emails, Excel sheets, marketing systems, back office systems, cloud storage etc. How will you ensure you can update or delete each instance, every time a client’s information changes? 

We also took the decision to build CURO on Microsoft’s Dynamics 365 CRM. This has two distinct advantages for GDPR. 

Firstly, it allows our clients to capture all their most valuable data in a structured way, but then offers unfettered access to this data for highly personalised reporting and meaningful business intelligence (the latter using the amazing Microsoft Power BI analysis tool). This means you can keep track of the administration of not only advice but also compliance, across the whole of your business at any time. 

Not all systems allow this level of data access, which means that once the data is entered in the back office, it become inaccessible. Therefore, in our experience, so much of the data held in back office systems rapidly becomes redundant and cannot support GDPR and compliance monitoring in an easy and seamless way. To expand on this point, I was talking to a firm recently that uses one of the main back office providers. They were trying to use a template builder solution but found that data that they wanted to reference in a comprehensive client letter could not be accessed because architecturally, there was no line of site connecting the data tables the client wanted to aggregate data from into a single letter template. I like to use a property analogy to explain this issue, which is not uncommon and has been stated by many firms that we meet. 

The main back office systems were designed in the mid to late ‘90s. When they came to market, they could be likened to a two-bedroom bungalow sitting in a five-acre plot. As they gained traction in the industry, legislation changed (think RDR) and their clients fed back suggested improvements to cope with the changing business models. The bungalow gradually grew to become a twenty-seven-bedroom mansion but built by extension. The problem is that the corridors inside, just don’t line up and so visitors often find that they can’t reach parts of the house without walking out the front and re-entering via the back door. This is exactly the problem with software that has grown over the decades via extension. The headlines sound great but when you get inside, things just don’t line up.

Secondly, Dynamics 365 benefits from an annual $2bn R&D investment from Microsoft, which means the platform sitting under CURO will always be a secure and state of the art way of managing data, continually refined using feedback from over 5 million users.

So, assuming data integrity is both the most valuable asset and biggest risk an advice firm has, why is it poorly managed in just about every business we meet?

I believe the answer is that many solutions for managing data that financial planning firms have in place today were probably originally designed for advice in a previous era, and the technology has subsequently dated. Over time the systems and processes are simply amended to keep up with changes, but this often leads into a technology and data cul-de-sac. This siloing of data means that they can struggle to help firms easily meet the requirements of GDPR without unnecessary drain on their time and resources.

A modern RDR and GDPR compliant business needs modern technology that sits at the heart of everything the business does. It needs to be the single truth where all company data is aggregated and made available to the various modern reporting solutions that exist today. It is only when you have a single connected system rather than all your data held across multiple technologies, that you will stand any chance of compliance with GDPR.