Post by Loreen Jamieson |
In this final run up to 25th May when the GDPR comes into force, the ‘compliance’ fervour is palpable in law firms. Given that a core component of the GDPR is about the protection of personal data, it is logical that firms are paying a great deal of attention to ensuring that their CRM processes demonstrate compliance with the legislation. CRM systems such as Lexis InterAction can greatly benefit firms in their GDPR compliance efforts.
However, this deadline is not a one-off, tick box exercise – firms need to continue to lawfully process personal data and ensure it is accurate post 25th May too. Adopting a manual approach to data accuracy is likely to be fraught with errors and delay, as well as involving a considerable amount of effort. On the other hand, intelligent data and relationship management capability can make demonstrating compliance with this principle, a routine activity. CRM systems such as Lexis InterAction can significantly support these requirements within their existing data change management features. In addition to this, Lexis InterAction IQ can assist firms with the data protection principles of GDPR compliance:
Automated updates to contacts
Article 5(d) states that: “Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.”
For busy lawyers, manually keeping contact data up to date in a CRM system is a challenge. Expectations that data is ‘miraculously’ correct without their intervention, is a mindset that is prevalent across a significant number of law firms. Consequently, they have asked for more automated methods for doing this, and this is where InterAction IQ can help. It uses signature scrapping functionality to support the process of keeping data up to date. It mines the personal signature information in emails to discover updates to existing contact data and has the ability to automatically add new contacts to the InterAction database through the existing data change management processes. This means that when InterAction IQ spots a change to an existing contact, it alerts the database administrator, who can then decide if the details in InterAction should be amended or rejected. This kind of passive data management capability is essential for effective and consistent data accuracy. Whilst InterAction IQ is integrated within InterAction, contacts marked private or personal are excluded from processing.
Clients have also stated that InterAction IQ has reduced their data processing time by approximately 25% and significantly increased the quality of contact records.
Article 5(a) requires that: “Data shall be processed lawfully, fairly and in a transparent manner in relation to individuals.”
InterAction IQ provides a great deal of visibility of communication between fee earners and clients, which can help with demonstrating fair and transparent data processing. For instance, InterAction IQ can identify if fee earners are communicating with individuals who aren’t recorded in InterAction. This initiates data alerts through the data change management process enabling fee earners to validate whether the contact should be added to InterAction. This can then proactively initiate the new contact review process for the database administrator.
This is also pertinent to Article 5(f), which demands protection of personal data against unauthorised or unlawful processing.
Gary Hibberd, Managing Director of Agenci, has said of InterAction IQ: “The tool offers a way to understand where your contacts came from and to ensure that you're holding the correct information. This in turn demonstrates that you're handling data in a diligent and responsible way. This kind of accountability and level of control is lacking in many organisations today."