I'm not sure about CRM specifically, but certainly various serious companies are aware of the EU data protection rules and take specific steps to comply. For example, I've been looking at off-site back-up for one of my companies recently, and while talking to Mozy they confirmed unambiguously and with specific details that any data from my company (in the UK) that was backed up using their service would be held in various protected ways in specific data centres within the protected area.
If you're in a business like that, where people are trusting you with that kind of sensitive information, I think you expect that serious customers are going to ask and they're going to need straight answers. I would agree that this is a barrier to entry for start-ups, but I think if you're trying to enter that kind of market but you aren't in a position to provide that level of service, you're already dead anyway.
If you're in a business like that, where people are trusting you with that kind of sensitive information, I think you expect that serious customers are going to ask and they're going to need straight answers. I would agree that this is a barrier to entry for start-ups, but I think if you're trying to enter that kind of market but you aren't in a position to provide that level of service, you're already dead anyway.