Introhive Scores Fast 50 Hat Trick | The only Atlantic company to make Deloitte's list three times. | Learn More

Skip to main content
Contact Sales get started
Blog Automation

GDPR and Enterprise Relationship Management Demystified

Shield on a laptop protecting sensitive dataIn January 2019, in one of the largest privacy fines ever, the French National Data Protection Commission imposed a €50 million penalty against Google for violating the Eurpean Union’s  General Data Protection Regulation (GDPR).  

Created in response to the increasingly commonplace threat of data breaches and consumer privacy violations, regulations like GDPR are spreading around the world. As Introhive’s Data Protection Officer, I’m certified in understanding these new rules (including GDPR, Canada’s Anti-Spam Legislation and Personal Information Protection and Electronic Documents Act, and the California Consumer Protection Act). But I certainly understand why many organizations and executives are struggling to grapple with the growing tidal wave of rules and processes.

In particular, I’ve encountered confusion about these regulations relate to organization’s customer relationship management (CRM) and enterprise relationship management (ERM) platforms, like Introhive.  

But with even more regulations certain to appear in the months and years to come, as well as risk to reputation and client relationships at stake, businesses can’t afford to fly blind.  

So read on for some quick education—and myth busting—on GDPR, specifically, as well as the role ERMs play in assisting organizations in all types of data privacy compliance.

Related Reading: GDPR Compliance: 4 Things Your Law Firm Needs to Avoid Penalties

GDPR myth busting

Designed in 2015 and enacted in 2018, GDPR aims to give EU citizens more control over their personal data. Since its inception, several myths have sprung up around the regulation. But don’t be fooled.

Myth No. 1: GDPR only applies to EU organizations

Because EU citizens do business with organizations all over the world, no matter where your organization is based, it may be affected. Indeed, if you can answer yes to any of the following, you likely need to comply to GDPR.

  • Does your business offer goods or services to individuals?
  • Does your company monitor the behavior of individuals?
  • Does your company have employees in the EU?

For a more detailed look at what GDPR entails and who it applies to, download our white paper.

Myth: ERMs introduce risk by pulling in information without consent

The truth is, ERMs and relationship intelligence automation tech, like Introhive, help you enrich (or complete or make whole) the contact information of the individuals you already have consent to talk to.

Relationship intelligence automation tools, like Introhive, can grow your database of already regulation-compliant contacts by five to 10 times, as well as help you visualize those relationship maps. But we don’t build a cold database of people for you.

What’s more, express consent isn’t the only way GDPR allows you to collect an individual’s information.

Related Reading: What is Relationship Intelligence Automation

Data Controllers vs. Data Processors

Occasionally, I am asked how Introhive obtains consent to process the business relationship data we help our clients visualize. But that’s another myth! In fact, it’s up to data controllers to get consent—should they even need it (see above myth).  

ERM platforms, like Introhive, are data processors. We handle data subject information on behalf of data controllers, our customers.

Still confused? Here’s an example: An individual (data subject) visits the website of an accounting firm (data controller) and fills out a form requesting information about a new service. The form sends that individual’s information to the firm’s CRM system. Behind the scenes, the firm contracts with Introhive (data processor) to automate the enrichment of that contact’s information, creating a holistic data picture to map and visualize relevant relationships to that prospective buyer.

For a quick reference guide to who is responsible for what, check out the list:


Data Controller

  • Develop, implement and demonstrate compliance processes
  • Retain data subject consent for data collection, processing
  • Provide notice to data subjects about processing (who, when and where)
  • Communicate data breaches to regulating bodies
  • Vet data processors
  • Approve sub processors
  • Pay fines

Data Processors

  • Develop, implement and demonstrate compliance processes
  • Conduct confidential data processing
  • Support data controllers with breach notifications
  • Return or delete data at data controller request
  • Vet sub processors
  • Pay fines

How an ERM can help keep you compliant, and then some

While GDPR and other data privacy regulations may seem daunting, there’s no reason to be scared off of data collection. When done right, it can be a boon for not only businesses, but also for personalization-loving consumers.

In fact, 65 percent of customers are happy to share their information in exchange for more targeted marketing. And nearly 67 percent are willing to share their data if they receive some form of benefit in return.

But what you need to be mindful of is, once you’ve gathered all this data, how do you ensure it’s GDPR compliant? My first recommendation is to make sure your organization has a privacy policy in place.

Next, consider employing an ERM platform, like Introhive, to help keep your business relationship data clean, accurate and easily understood and managed.

Because we don’t just gather data, we enrich and provide intelligence, Introhive specifically gives data stewards increased power and insight into data, with the ability to oversee and scrutinize relationship data from initial consent all the way through the customer’s lifecycle. 

Users can, for example, see bulk reports of weak relationships (such as contacts your professionals haven’t met or engaged with recently). They can then even bulk analyze contact data in order to more efficiently remove those contacts from your database—limiting your liability to regulations like GDPR.

What’s more, thanks to Introhive’s proprietary algorithm, users can identify people you might need to obtain consent from, and then use relationship intelligence to show you which person in your organization has the strongest connection to them (and thus might make the most sense to initiate the consent process).

Related Reading: Why GDPR is a Marketing Opportunity, Not a Burden

Stay ahead of the data privacy curve with trustworthy technology

Introhive Data Privacy & Security GuideAs consumer data privacy regulations around the world grow stricter and wider spread, you need an enterprise relationship management partner with baked in data privacy and security and stellar credentials.

To learn more about how Introhive’s end-to-end ERM platform will keep your sensitive data safe and secure, while getting the most value from your existing tech stack and delivering insights to grow your business, download our Data Privacy Guide, request a demo or contact me.

Introhive | sharpen your law firms competitive edge feature image | Sharpen Your Law Firm's Competitive Edge

Sharpen Your Law Firm’s Competitive Edge