"Nobody wants to put their business and their customers at risk, do you?"
Anyone can become a great sales and marketing manager with the many tools and metrics at their disposal. But many companies end up with martech solutions whose legal and compliance issues put both their business and their customers at risk.
Imagine how you could grow your business with no legal and commercial risks, and how that could even be a competitive advantage in a new world where tenders now take these risks into account.
What do we mean by legal and commercial risks?
In short, the United States has put in place a large body of extraterritorial laws to fight corruption at the international level and to prosecute companies that do not respect the embargoes set as part of its foreign policy.
The main text concerning corruption is the Foreign Corrupt Practices Act (FCPA) of 1977. The embargoes are controlled by the Office of Foreign Assets Control (OFAC), an agency of the Department of the Treasury.
They apply to countries or individuals or to types of equipment, based on ad hoc laws or regulations such as the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).
Simply using the dollar or American software, or employing a US citizen, obliges you to comply with American law.
In 1998, the American judge extended the definition of a foreign actor's connection with the United States (the nexus) as the legal basis for prosecution. While using the dollar is the most frequent nexus, the other criteria now include the employment of an American citizen or his presence at a meeting, as well as an e-mail transiting through a server based in the United States. The simple use of American software could be recognized as a nexus.
In 2016, the European Union and the Swiss Confederation negotiated the Privacy Shield in order to have a legal agreement regulating the transfer of data from European companies and citizens to the United States.
The Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in July 2020 due to proven non-compliance by the United States of America. It is a decision with serious consequences for European companies and institutions using software made in the USA.
Any transfer is now potentially illegal. A thunderclap for American platforms and US software vendors!
The CJEU concluded that "US law is contrary to European fundamental rights ... and does not guarantee the right to an effective remedy of access to an impartial tribunal".
Data belonging to users of US platforms is transferred to the United States to be stored, processed, and analyzed, and US agencies such as the NSA have de facto and legal access to it. The location of the storage (in a European country, for example) does not solve anything, since American law applies extraterritorially to all the data as long as the service is operated by a company of American nationality.
Enough to make the legal departments tremble when the sales and marketing teams make US SaaS choices!
American companies, and even their branches hosted on our territories, are subject to the Patriot Act before having to respond to the European GDPR, so the challenge for our companies is the constant monitoring of our customer data, contracts, and quotes. This also puts them in legal danger, because they can be challenged as much by American authorities seeking to apply pressure (remember the Alstom case) as by European customers who do not wish to be exposed themselves.
What are the obligations of companies in the face of these risks?
European courts have ruled that data protection in the United States is limited; data from the EU is considered insecure when transferred to the United States. European companies must therefore be permanently able to guarantee that the national security and investigation authorities of the country receiving the stored data do not have access to the personal data.
With the CLOUD Act, even data stored in the EU is available to the US government.
Clearly, when they use American software likely to transfer data to American governmental organizations, companies must demonstrate the traceability of all their data and that of their customers, without any personal data being accessible. An impossible mission.
The situation is particularly difficult for small and medium businesses (SMBs), as they normally have neither the know-how nor the means to ensure such traceability and to analyze the level of legal and commercial risk they take on for themselves and their customers.
In the current situation, EU companies could also ask US business partners and service providers to use all available technical means to optimize data protection, for example end-to-end encryption. But how can they be sure?
What choices for European companies?
The global digital market is currently polarized between two major players, the United States and China, between which the outlines of an economic war are emerging. The cancellation of the Privacy Shield mechanism does not effectively prevent the transfer of data to American territory, since it is possible to use the standard contractual clauses, but it complicates this transfer and indirectly encourages the development of the European internal market and the emergence of purely European alternatives.
"Take advantage of GDPR compliance to choose European software to manage your clients' data"
Enterprises must question the risks encountered in their economic activities. The one most often mentioned is data plundering. The GDPR also shows that, as a result, Europeans have started adopting their own rules. What remains now is to convince our European business leaders that using American software to manage data carries several risks:
- Risk of looting in favor of companies of our allies in the context of calls for tenders.
- Risk of direct control of activities and indirect pressure.
- Legal and financial risk of on-line American law enforcement.
- Sanction by the EU for European companies that comply with American rules.
Decision-makers, sales and marketing managers, and directors of information systems now have a decisive role in the choice of their software. They now commit their companies knowingly. They must develop a culture of digital empowerment, resilience, sustainability and protection across Europe. To constantly ensure the best standard of respect for the data of companies and their partners, European companies must host all data on European territory and strive to use only European software subcontractors that share the same values.
Friendship, however, does not imply submission.
Stéphane Couleaud, founder and CEO of Webmecanik
Webmecanik is the European automation software suite for sales and marketing
The rapid adoption of Webmecanik as an alternative to proprietary and expensive marketing automation solutions such as Hubspot, Marketo, Oracle Eloqua, or Salesforce Pardot has been a key factor in the company's growth. More than 50 partners and 1,000 companies have already joined the community of Webmecanik users throughout Europe.
Webmecanik Automation is the behavioral analysis of your prospects and customers in addition to the data present in your CRM and ERP. Combined with your sales information, Webmecanik Automation automatically triggers the right message, to the right person, at the right time. Customer relationship management is total and omnichannel, from email, SMS, and mail to websites. Salespeople are alerted with up-to-date information in real time.
Webmecanik Pipeline is the CRM that collects, stores and organizes your information about your hot leads. Pipeline manages your team's schedule. The right pace and the right information are the guarantee of successful growth.