Bpm’online has a built-in advantage for complying with GDPR

If you’re trying to update your platform for the upcoming General Data Protection Regulation (GDPR), there’s one thing that’s very handy to have: A business process engine.

In fact, business process management is the meaning behind the first three letters in Bpm’online’s name, indicating the importance of such an engine to this process-oriented customer relationship management (CRM) platform for B2B and B2C marketing, sales and customer service.

Founded in Kiev, Ukraine, in 2002, the company expanded to the US and elsewhere and is now headquartered in Boston, although R&D remains in its former hometown.

The majority of Bpm’online’s business — about 60 percent — comes from non-European markets, chief evangelist Matt Tharp told me. But, with the European Union market accounting for such a large portion of its business, he said, compliance with GDPR has “been on our radar for quite a while.”

And it fits into the platform’s approach.

About process

“A lot [of GDPR compliance] is about process,” he said, adding that “the process engine makes new processes easier than I’ve seen in other technologies.”

Out of the box, the engine lets its users design and apply such components as workflows, permissions to access data, actions users can take, forms and what the system needs to do with data in certain conditions.

But Bpm’online doesn’t provide front-end processes or other assets that enable its business customers to capture end user consents for specific use cases, as GDPR requires.

It does enable back-end data management across various channels and for various use cases. Tharp said that a number of channels and use cases are available already, and the platform can add additional ones. There is also the ability to track data so that, for instance, a business can tell an inquiring customer that her data was batch-sent to an ad network.

For many companies, GDPR compliance involves a new executive office, often called the Chief Data Protection Officer and sometimes involving general data security beyond user data. Tharp said that his company is not currently planning to hire for such a position, although it has set up a permanently assigned team of staff personnel dedicated to consumer data protection.

For its markets outside the European Union, Tharp said he expects GDPR compliance will provide a competitive edge among customers concerned about customer data control and privacy. And, he advised, such compliance is a must-do for “for all US companies thinking about geographic expansion.”