’Tis the season to ensure you have a legal justification for processing – Part 2Published: Tuesday, 6 February 2018 by Joe Cripps, Product Manager
Last week I set the scene regarding the challenge millions of organisations will face this year when GDPR rules come into force. Part 2 of this blog examines how organisations should address the challenge of complying with the new rules in a way that delivers competitive advantage.
Despite all the negative press and scaremongering over the past 18 months, GDPR legislation is in fact closely aligned to digital marketing best practice. It aims to eradicate the questionable tactics employed by those organisations who send large numbers of untargeted communications and promotions which offer little value to recipients. For organisations with sophisticated marketing strategies who aim to deliver value to their target market through personalising their message and promotions, the eradication of scattergun tactics should be an opportunity for growth and to gain market share. However, investment may be required to maximise the business benefits available and a journey of transformation (as outlined in the figure below) will be required to bring best practice and compliance to your customer data management strategy.
To comply with GDPR, organisations need to find a means of exerting more control over their customer data, to eliminate illegal processing. In most cases, organisations will need to ensure that their data is more detailed and that the information or profile they hold for every individual includes a legitimate legal basis for processing. Organisations must analyse their current customer data infrastructure to ascertain whether the resources they currently have at their disposal are sufficient to deliver compliant operations. Questions to ask include:
- Can you collect all customer events (including consent choices) across all digital channels and IOT devices in real-time?
- Can you easily identify the customer and update existing records you hold for them with the information collected above?
- Can you update this customer data with data collected from offline sources (e.g. call centres)?
- Do you have access to a ‘single source of truth’ for each individual customer, or is your customer information siloed and distributed across multiple systems, with inevitable incompatibilities and data inconsistencies?
- If a customer requests deletion of their personal data, or if the regulator requests access to the data you hold for an individual, how easy will it be for you to fulfil this request? If requests like this come at scale how much will it cost to respond?
- How will you use the customer data you have collected to control data processing and ensure compliance to GDPR?
These are specific challenges, caused by significant regulatory changes, which many organisations will be ill-equipped to address. Each organisation is unique, but in many cases the implementation of a real-time assembly customer data platform (CDP) is the best way to address the points above.
What is the role of an Assembly CDP?
A platform which assembles operational customer profiles by collecting interaction data from customers’ online and digital behaviour. Captured data is enriched with contextual information, combined with data captured offline and then used to update existing profile information for that individual. The CDP maintains, stores and distributes customer profiles containing all information relating to an individual customer or prospect. The CDP is a centralised platform which eliminates data silos which form between different databases. The implementation of a CDP is an architectural transformation in which an organisation opts to feed its databases, analytics solutions and marketing tools with detailed and consistent data from a central source. Organisations who implement a CDP have one common objective – to improve the quality of their customer data, which will in turn enhance the performance of the systems it serves.
How can an Assembly CDP ensure compliance?
Some CDPs can collect consent choices made by customers, along with the interaction data they have been configured to capture. This consent data constitutes proof of a legal basis for processing and, depending on the capabilities of the CDP in question, the customer profile could be used to fulfil data portability and right of erasure requests from customers, or to facilitate investigations from the regulator.
Also, depending on the CDP’s ability to connect to third party systems, consent data could be used to automatically restrict data processing where no legal basis exists. This requires a seamless integration between the CDP and the systems your organisation uses to process data and engage with customers, such as decisioning systems and marketing platforms.
The Celebrus CDP and GDPR compliance
Just as GDPR is aligned with digital marketing best practice, by delivering an optimised data management strategy, Celebrus goes beyond ensuring compliance to the new regulations. Unlike traditional CDPs who predominantly record web interactions, relying on tag management, Celebrus captures all digital behavioural data across every channel and device, in real-time.
Celebrus collects all customer data, including consent preferences, using a customisable interface such as the one displayed above to form highly detailed customer profiles. This customer profile data is transformed to a standardised format which is compatible with leading systems of insight and engagement including Teradata RTIM, Pegasystems Customer Decision Hub, Adobe Experience Cloud and SAS RTDM. Consent data within Celebrus customer profiles can be used to automate and govern the flow of data to these third-party systems to ensure that processing only occurs where a legal justification exists.