Share in our experience of customer insight and data management


’Tis the season to ensure you have a legal justification for processing – Part 2

Published: Tuesday, 6 February 2018 by Joe Cripps, Product Manager
Digital Intelligence

Last week I set the scene regarding the challenge millions of organisations will face this year when GDPR rules come into force. Part 2 of this blog examines how organisations should address the challenge of complying with the new rules in a way that delivers competitive advantage.

Despite all the negative press and scaremongering over the past 18 months, GDPR legislation is in fact closely aligned to digital marketing best practice. It aims to eradicate the questionable tactics employed by those organisations who send large numbers of untargeted communications and promotions which offer little value to recipients. For organisations with sophisticated marketing strategies who aim to deliver value to their target market through personalising their message and promotions, the eradication of scattergun tactics should be an opportunity for growth and to gain market share. However, investment may be required to maximise the business benefits available and a journey of transformation (as outlined in the figure below) will be required to bring best practice and compliance to your customer data management strategy.

To comply with GDPR, organisations need to find a means of exerting more control over their customer data, to eliminate illegal processing. In most cases, organisations will need to ensure that their data is more detailed and that the information or profile they hold for every individual includes a legitimate legal basis for processing. Organisations must analyse their current customer data infrastructure to ascertain whether the resources they currently have at their disposal are sufficient to deliver compliant operations. Questions to ask include:

  • Can you collect all customer events (including consent choices) across all digital channels and IOT devices in real-time?
  • Can you easily identify the customer and update existing records you hold for them with the information collected above?
  • Can you update this customer data with data collected from offline sources (e.g. call centres)?
  • Do you have access to a ‘single source of truth’ for each individual customer, or is your customer information siloed and distributed across multiple systems, with inevitable incompatibilities and data inconsistencies?
  • If a customer requests deletion of their personal data, or if the regulator requests access to the data you hold for an individual, how easy will it be for you to fulfil this request? If requests like this come at scale how much will it cost to respond?
  • How will you use the customer data you have collected to control data processing and ensure compliance to GDPR?

These are specific challenges, caused by significant regulatory changes, which many organisations will be ill-equipped to address. Each organisation is unique, but in many cases the implementation of a real-time assembly customer data platform (CDP) is the best way to address the points above.

What is the role of an Assembly CDP?

A platform which assembles operational customer profiles by collecting interaction data from customers’ online and digital behaviour. Captured data is enriched with contextual information, combined with data captured offline and then used to update existing profile information for that individual. The CDP maintains, stores and distributes customer profiles containing all information relating to an individual customer or prospect. The CDP is a centralised platform which eliminates data silos which form between different databases. The implementation of a CDP is an architectural transformation in which an organisation opts to feed its databases, analytics solutions and marketing tools with detailed and consistent data from a central source. Organisations who implement a CDP have one common objective – to improve the quality of their customer data, which will in turn enhance the performance of the systems it serves.

How can an Assembly CDP ensure compliance?

Some CDPs can collect consent choices made by customers, along with the interaction data they have been configured to capture. This consent data constitutes proof of a legal basis for processing and, depending on the capabilities of the CDP in question, the customer profile could be used to fulfil data portability and right of erasure requests from customers, or to facilitate investigations from the regulator.

Also, depending on the CDP’s ability to connect to third party systems, consent data could be used to automatically restrict data processing where no legal basis exists. This requires a seamless integration between the CDP and the systems your organisation uses to process data and engage with customers, such as decisioning systems and marketing platforms.

The Celebrus CDP and GDPR compliance

Just as GDPR is aligned with digital marketing best practice, by delivering an optimised data management strategy, Celebrus goes beyond ensuring compliance to the new regulations. Unlike traditional CDPs who predominantly record web interactions, relying on tag management, Celebrus captures all digital behavioural data across every channel and device, in real-time.

Celebrus collects all customer data, including consent preferences, using a customisable interface such as the one displayed above to form highly detailed customer profiles. This customer profile data is transformed to a standardised format which is compatible with leading systems of insight and engagement including Teradata RTIM, Pegasystems Customer Decision Hub, Adobe Experience Cloud and SAS RTDM. Consent data within Celebrus customer profiles can be used to automate and govern the flow of data to these third-party systems to ensure that processing only occurs where a legal justification exists.

To find out more about best practice to these regulatory changes, click here to download our practical guide to GDPR or email us at to discuss any of these points in more detail.




Privacy settings

At D4t4 we are all the about the data. We are serious about data protection and your privacy so we will only collect your personal data and use it with your permission. We use cookies to collect statistics to optimise website functionality and deliver content tailored to your interests.

Our three categories of collection are detailed below.

Essential browsing only We will only collect the essential data required to enable core site functionality. We will not collect any personally identifiable information or behavioural data.
Browse anonymously We will only collect your browsing behaviour on the website to help understand our customers' needs and improve the experience for everyone. We will not collect any personally identifiable information so we won't know who you are.
Personalised experience We will only collect information that allows us to identify you and make your browsing experience as smooth as possible by remembering your log in details and saved items. In the course of dealing with you, we may need to pass your personal data on to third-party service providers contracted to D4t4 Solutions.

You will be able to change your options at any time by clicking the Privacy settings link and our full Privacy Statement can be viewed by clicking the relevant link.