How Customer Data Unification Enables GDPR Compliance
What is GDPR?
General Data Protection Regulation (GDPR) is new European Union (EU) legislation that requires data privacy be baked into enterprise data handling. This legislation applies to any company that handles the data of EU citizens, even if that company has no physical presence in the EU. For this reason, while GDPR is EU legislation, it will significantly change the way that marketers collect, process, and use customer data around the world.
It’s important to take GDPR seriously, with fines for breaching the legislation reaching €10 million ($11.25 million), or 2 percent of global turnover, whichever is higher. EU regulators have also made it clear they intend to go after high-profile brands as a way of forcing businesses to comply. The good news is that, while GDPR is already in effect, the deadline for compliance is May 25th, 2018.
For consumer brands, the relevance of GDPR goes beyond compliance. An important additional consideration for marketers and analysts is their ability to continue using customer data for driving personalization and top line growth while being compliant. In this blog post we’ll take a look at the customer data handling stipulations of GDPR and how unified customer data can help marketers become GDPR-compliant.
Customer Data Handling Stipulations of GDPR
GDPR introduces new enforceable data handling principles along four key dimensions: data minimization, the definition of personal data, explicit informed consent, and liable parties.
- Data Minimization: GDPR stipulates that organizations not hold data for any longer than absolutely necessary, and also that organizations not change the use of this data from the purpose for which it was originally collected. Organizations are now also responsible for deleting any data at the request of the data subject.
- Personal Data Definition: In GDPR, the definition of personal data has been broadened to include online identifiers such as IP addresses and cookies.
- Informed Consent: Advertisers must now get explicit and informed consent from EU residents for collecting and using their personal data. Brands can no longer rely on so-called ‘clickwrap’ forms and must instead find a way to get user consent devoid of pre-checked boxes or any other attempt to get implied consent.
- Liable Parties: GDPR expands liability beyond data controllers. In the past, only data controllers were considered directly responsible for data processing activities; GDPR extends liability to all organizations that touch personal data.
These stipulations mean that marketers will now need to take greater responsibility when processing customer data. They will now also have to be thoughtful in figuring out how they can continue to use customer data to drive business impact while being GDPR-compliant. Beyond getting explicit approval from customers on ways their personal data is being collected and used today, marketers will also have to accept that non-compliant sources of data will have to be addressed or scrapped.
GDPR Customer Data Challenges
For most brands, customer data is scattered across many disconnected systems. This problem is exacerbated by the fact that the sheer volume of customer data being generated is exploding because of better instrumentation, improved technology infrastructure, and a desire to know and shape customer journeys.
Under GDPR, if a customer were to ask for a data audit – what data you have about them, how it is being used, and who it is being shared with – most brands are in for a long and painful manual process, with any errors or delays during this process resulting in costly fines and customer dissatisfaction. This process involves working with each distinct system and its owners to find and extract the relevant records.
At the same time, without access to a unified view of the customer that includes contact preferences, marketers and analysts feel constrained in delivering the personalized experiences and interactions that consumers have increasingly come to expect. As an example, if a particular customer has opted out of email communication with the brand, marketers need access to a unified view of the customer that provides information on their social and app presence so that they can be reached on those channels.
Traditional mechanisms of customer data unification fall short for two key reasons: the challenges of manual data cleaning and schema mapping, and customer identity resolution. Thankfully, there’s a better way.
Unify Customer Data to Ease Your GDPR Compliance Journey
An Intelligent Customer Data Platform (CDP) can help tremendously by providing a complete, unified database of all a brand’s customer data. An Intelligent CDP stitches together all of a brand’s disparate data sources, forms complete customer profiles, and makes those profiles available for easy exploration in real-time. It also identifies unknown data elements and sources containing data which otherwise may have gone unreported.
This means that if a brand is asked to perform a data audit for an individual or a group of people, staff can rapidly pull together all the relevant information from a single, highly accessible system. In addition, an Intelligent CDP refreshes constantly as source data changes, populating the latest suppressions and unsubscribes across all relevant customer touch points. This further ensures consistent compliance with GDPR-related requests and activities.
While compliance is important, many marketers are concerned that complying with GDPR will compromise their ability to form deep and meaningful connections with customers. An Intelligent CDP can help you make the most of your customer data while meeting both the contractual and technical challenges posed by GDPR.
Could an Intelligent CDP help you with your GDPR compliance efforts? We invite you to reach out to start the conversation!
Travis Ruff is the Chief Information and Security Officer at Amperity.