’Tis the season to ensure you have a legal justification for processing – Part 2Published: Tuesday, 6 February 2018 by Joe Cripps, Product Manager
Last week I set the scene regarding the challenge millions of organizations will face this year when GDPR rules come into force. Part 2 of this blog examines how organizations should address the challenge of complying with the new rules in a way that delivers competitive advantage.
Despite all the negative press and scaremongering over the past 18 months, GDPR legislation is in fact closely aligned to digital marketing best practice. It aims to eradicate the questionable tactics employed by those organizations who send large numbers of untargeted communications and promotions which offer little value to recipients. For organizations with sophisticated marketing strategies who aim to deliver value to their target market through personalizing their message and promotions, the eradication of scattergun tactics should be an opportunity for growth and to gain market share. However, investment may be required to maximize the business benefits available and a journey of transformation (as outlined in the figure below) will be required to bring best practice and compliance to your customer data management strategy.
To comply with GDPR, organizations need to find a means of exerting more control over their customer data, to eliminate illegal processing. In most cases, organizations will need to ensure that their data is more detailed and that the information or profile they hold for every individual includes a legitimate legal basis for processing. Organizations must analyze their current customer data infrastructure to ascertain whether the resources they currently have at their disposal are sufficient to deliver compliant operations. Questions to ask include:
- Can you collect all customer events (including consent choices) across all digital channels and IOT devices in real-time?
- Can you easily identify the customer and update existing records you hold for them with the information collected above?
- Can you update this customer data with data collected from offline sources (e.g. call centers)?
- Do you have access to a ‘single source of truth’ for each individual customer, or is your customer information siloed and distributed across multiple systems, with inevitable incompatibilities and data inconsistencies?
- If a customer requests deletion of their personal data, or if the regulator requests access to the data you hold for an individual, how easy will it be for you to fulfill this request? If requests like this come at scale how much will it cost to respond?
- How will you use the customer data you have collected to control data processing and ensure compliance to GDPR?
These are specific challenges, caused by significant regulatory changes, which many organizations will be ill-equipped to address. Each organization is unique, but in many cases the implementation of a real-time assembly customer data platform (CDP) is the best way to address the points above.
What is the role of an Assembly CDP?
A platform which assembles operational customer profiles by collecting interaction data from customers’ online and digital behavior. Captured data is enriched with contextual information, combined with data captured offline and then used to update existing profile information for that individual. The CDP maintains, stores and distributes customer profiles containing all information relating to an individual customer or prospect. The CDP is a centralized platform which eliminates data silos which form between different databases. The implementation of a CDP is an architectural transformation in which an organization opts to feed its databases, analytics solutions and marketing tools with detailed and consistent data from a central source. Organizations who implement a CDP have one common objective – to improve the quality of their customer data, which will in turn enhance the performance of the systems it serves.
How can an Assembly CDP ensure compliance?
Some CDPs can collect consent choices made by customers, along with the interaction data they have been configured to capture. This consent data constitutes proof of a legal basis for processing and, depending on the capabilities of the CDP in question, the customer profile could be used to fulfill data portability and right of erasure requests from customers, or to facilitate investigations from the regulator.
Also, depending on the CDP’s ability to connect to third party systems, consent data could be used to automatically restrict data processing where no legal basis exists. This requires a seamless integration between the CDP and the systems your organization uses to process data and engage with customers, such as decisioning systems and marketing platforms.
The Celebrus CDP and GDPR compliance
Just as GDPR is aligned with digital marketing best practice, by delivering an optimized data management strategy, Celebrus goes beyond ensuring compliance to the new regulations. Unlike traditional CDPs who predominantly record web interactions, relying on tag management, Celebrus captures all digital behavioral data across every channel and device, in real-time.
Celebrus collects all customer data, including consent preferences, using a customizable interface such as the one displayed above to form highly detailed customer profiles. This customer profile data is transformed to a standardized format which is compatible with leading systems of insight and engagement including Teradata RTIM, Pegasystems Customer Decision Hub, Adobe Experience Cloud and SAS RTDM. Consent data within Celebrus customer profiles can be used to automate and govern the flow of data to these third-party systems to ensure that processing only occurs where a legal justification exists.