administrationWho really puts "the customer at the center" knows well that the best brand is for the birds, if the customer care and service is not working.

Recently, Mark Zuckerberg announced his plans to expand the Facebook Messenger, intending to make it the central service hub for companies and customers, while providing written support by chatbots.

This raises the question, if in a few years only robots will handle customer requests and in fact it can’t be ruled out. If the computing power continues to increase, it is quite conceivable that we will have a lot more self-service and robotics in the customer service industry than we imagine right now and probably it will go in the direction Mark Zuckerberg outlined.

Who carries the responsibility for the collected data?

The proportion of self-service compared to personal calls or counseling is nowadays actually still very low in CRM, and the call volume basically never really declined - not even after the launch of the email. Hence, chat via messengers or bots won’t reduce the call volume fundamentally either, as chats are generally used as an additional channel that complements but basically doesn’t replace the commonly known existing channels. Not to mention that providing only services with robots in social networks, wouldn’t deliver a good service in the long run, and customer service has especially there a very strong external impact. Clearly, we will still need real people there giving personal advice in the future, but for standard requests and service concerns that recur, automated services make sense already.

However, what most probably will happen is that in all other channels, the callers will most likely start to expect an even higher quality service than they already do today. Consequently, this requires more tracking and tracing to get deeper insights and brings us back to the big question of who will be responsible and owns such data, since it is nowadays all about privacy protection.

Will there be a privacy law, which ensures that the data left behind on social media networks is - and will always be - mine?

If the data is owned by the consumer, the scenario is easy but different from how it is handled today, because companies wouldn’t then be allowed to do with the data what’s technically possible.

If it continues as it is now - namely that the data is owned by the companies - then the vision of Mark Zuckerberg is very close to reality. In essence, we are not talking about a technical issue but data protection, and the question of how much power we want to hand over to the companies from Silicon Valley.

That’s why for CRM in the cloud the contract with the service provider plays a central role, which should explicitly specify a number of things, such as the technical and organizational security measures. Such a contract is definitely no carefree package, as many applications push to the cloud and CRM solutions are no exception.

What to keep in mind when customer data is now managed in the cloud?

At least the implementation of the six protective regulations of data protection are required in the contract: confidentiality, integrity, availability, transparency, and the opportunity to intervene and not being linked. As a business professional, you should:

  • Ensure that a written contract with the Cloud service provider is in place, under which the service provider promises to comply fully with data protection law at all times.
  • Make sure that the service provider has implemented sufficient technical and organizational security measures to protect personal data, and to achieve the security objectives of availability, confidentiality and integrity of data.
  • Ensure that you are in control over the data, particularly over access rights and privileges.
  • You might want to carry out a risk assessment to understand any vulnerability caused by putting data into the Cloud, and the potential harm that will be caused if there is a security breach or other form of unlawful activity.


CRM data in the cloud can trigger external desires, therefore, the technical isolation of individual applications is absolutely important. If an inspection is not possible, cloud computing should have to be prohibited. In fact, so far, the control options are still poorly understood and even less implemented, making a careful selection of the cloud provider the more important.

The cloud provider should precisely describe the subject and the duration of the contract, the type and location of the data processing, the technical and organizational backup, the exercise of data subjects' rights, the data correction and in particular the deletion, but most of all possible subcontracting. Besides, in case of cancellation of the cloud provider, the entire database must be returned to the customer. The same applies to a change of supplier, meaning that personal data must be deleted without residue at the original cloud provider. All of that must be a defined part of a good cloud contract.

By Daniela La Marca