Inside The GDPR Strategy Of Software Company With 1,700% Growth

A conversation with Charlie Wright of Epos Now

GDPR Strategy

GDPR isn’t a threat to software companies, it’s an opportunity to improve customer experience and internal processes. Charlie Wright of Epos Now knows this. The POS software company that has grown 1,700 percent in 18 months is taking a proactive approach to leverage GDPR as a business enablement tool. Wright sat down with Software Executive and ISVinsights to share his take on this fast-growing software company’s approach to GDPR.

This is part of a series of vendor-neutral, non-promotional GDPR coverage from Software Executive and ISVinsights. 


What steps is Epos taking to educate customers about GDPR?

Over the coming months and after the GDPR is in force, we will be providing a range of engaging content. Internally it’s an opportunity for us to leverage the technology we have to continue to provide excellent customer service. More importantly, it is our opportunity to be a thought leader in our industry and provide ongoing education to our customers about how they can meet the GDPR standards in their business. We want our customers to take control of their data in a way that suits them – alongside this we can then provide an educational hub with hints, tips, and best practices on how to be GDPR compliant. We’re providing guidance on internal practices they can put in place to improve staff knowledge and keep their data reliable, relevant, and accurate.

What steps has Epos had to implement/what have you had to change in order to become compliant?

Epos Now has undergone a cyber security analysis by a third party provider measured against the ISO 270001 accreditation standard. We wanted to ensure that, as a business, not only are we meeting the requirements of the GDPR, but that we are also protecting our customers’ data against the highest standards.

We have leveraged our long term partnership with Salesforce to keep an audit trail on individuals’ processing requirements. Examples of this are tracking preferred communication methods, marketing consent, and developing a platform that will manage subject access requests.

With a few months to go until GDPR becomes enforced, we are going to be building an environment which allows our customers to take control of their data in a secure environment. The plans have been underway for some time, but the delivery is being kept close to our chest.

We have penned a complete overhaul of our data security policies internally and have a scheduled training plan for all staff so that they’re aware of the GDPR, how they can implement it in their day to day roles, as well as explaining how Epos Now is changing its ongoing commitment to information security.

Were there any particular things you had to consider or anecdotes you could share while formulating your GDPR strategy that other software companies could learn from?

Like most growing businesses, we are focused on providing an excellent customer experience. Maintaining the customer base is the secret to any business success. Epos Now has utilized the Salesforce platform for four years, collecting thousands of customer touchpoints, tens of thousands of data insights, and millions of records in the most secure CRM environment on the planet. Without resting on our laurels, we have an up to date data map. This is the first step any business should take – ensure you know where your data is, where it comes from, how it’s used, and who has access to it, and then decide if it’s necessary.

Understand what processes you have to ensure data is accurate, relevant, reliable and secure. Following that exercise, and implement a data management structure that has accountability at the highest level. This means data is governed throughout the business rather than in a small IT department. More importantly, it allows the business to update data measures smarter, more efficiently, and strategically.

Finally, present the GDPR to your executive team and decision makers. Tell them what it means to your business, how you can empower your customers to take control over their data, and how you can use this change in legislation to upskill your employees.

Epos Now believes the GDPR is an enabler for continued success and I would encourage any business to celebrate the positive impact it will have on their relationship with customers. Identify how you can leverage the legislation changes to set yourself apart from the competition.

What remaining questions do you still have about GDPR?

The role of the Data Protection Officer needs greater clarification for businesses not processing special categories, or are public bodies. How can small businesses handle the position of a Data Protection Officer? Are there enough DPO specialists in the market? Are they full-time roles? Can the role be outsourced to a legal representative? What protection does the DPO have if there is a data breach?

How can GDPR be leveraged as a business enablement tool? How do you see this playing out both before and after the May 2018 deadline?

The GDPR will enable businesses to be more honest and transparent about processing. The age of customer experience has brought a sense of immediateness, a mobile-first culture, and an expected consistency in customer experience. Data has exploded over the last few years and the emergence of AI makes the GDPR all the more important. For businesses to provide excellent customer service, they need to leverage the data they have to create smarter insights. Therefore the GDPR is an enablement tool which will encourage businesses to collect accurate, relevant, and responsible data. Those companies that do will succeed in the age of customer experience. They will experience far less churn, higher customer satisfaction, and overall business growth.