As the deadline for compliance with the EU’s General Data Protection Regulation (GDPR) nears, organizations are engaging in evaluations and audits to ensure their readiness. If you collect any data about EU residents, this law applies to you. Under GDPR, the use of any EU citizen’s data — ranging from private information, mailing addresses and public information to social profiles, images, pictures, IP information, device IDs and medical and financial details — will be regulated.
Preparing for GDPR compliance must involve the entire company. Chief information security officers (CISO) and compliance teams are leading the reviews and implementations, but proper execution requires effort by all teams, including sales, marketing, customer engagement, support and IT. All functional groups across organizations capturing and working with data about EU citizens need a thorough evaluation of their systems and processes to ensure compliance.
An Opportunity, Not Just a Mandate
But don’t look at compliance with GDPR mandates as just a regulatory exercise. Think of it as an opportunity to improve your operations for a better customer experience.
Under GDPR, companies must be mindful of what data they collect and for what purpose, and they will have to track how it is stored and used. Compliance with GDPR presents an opportunity for marketers to improve the effectiveness of their campaigns with more meaningful engagement with customers. Marketing should expect improvements in conventional metrics like open rates, click-throughs and opt-outs, and that will ultimately impact the bottom line.
Confidence in customer data quality is critical for GDPR compliance. Organizations must bring together the data from all internal, external and third-party sources, with proper lineage for complete and accurate customer profiles. They must also correlate omnichannel transactions to the customer master records and understand how an individual customer is related to other members of a household — and whether, and in what way, each member of the household has consented to allow the company to use his or her data.
Compliance also requires workflow management to handle data change and deletion requests from individuals. Companies will run the risk of substantial penalties if they do not have accurate 360-degree views of customers, are not able to generate compliance reports quickly and do not have fast data-change request management processes.
As you work toward GDPR conformance, make sure you have a comprehensive data management strategy and the technology necessary to assemble accurate and consolidated customer profiles, understand relationships among customers and manage customer requests.
Accurate and Consolidated Customer Profiles
Blending customer data from internal, external, third-party and social sources helps create consolidated profiles. As you match and merge profiles, you must also maintain data lineage across all attributes for future reporting on the origin of data. Correlating omnichannel interactions and transactions with customer master profiles is essential.
Blending transactional data with master data not only provides marketing teams with a better understanding of customers, but also offers a consolidated interactions history for reporting. In the event of a data breach, you can quickly find out who was affected, which departments and systems had access to the data and who needs to be informed.
Companies must be able to produce evidence that customers have agreed to allow them to use their data. And they must give customers the ability to withdraw the consent. Management and maintenance of rights and permissions with the ability to capture and store consent types using graph technology can be extremely helpful.
An added benefit of the graph technology in modern data management systems is that it can help companies understand and manage how people are related to one another and what type of consent they have granted. Make sure you have a complete understanding of customers’ relationships with stores, locations, channels, other customers and the types of consent that are in place. If, for example, a question arises about whether a minor has provided consent, graph technology can quickly present complete householding information and show whether the minor’s parents have provided consent.
Managing Customer Requests
GDPR requires the purging of all traces of customer information when an individual requests data erasure, including the removal of any information about a customer’s past actions captured in activity logs. Companies need a mechanism to support this “right to be forgotten.” Your business will also need to support your customers’ requests for copies of their information in a portable format. Robust workflow capabilities help manage such requests, including requests for data changes, deletions and review, with complete governance and traceability. If you’re enriching customer profiles with data from third-party sources, make sure you can fully trace all data back to the external providers. In the event of a change request, you need to be able to route the change back to the original source data.
GDPR compliance requirements are extensive and require a holistic data strategy that encompasses managing master data at big data scale, understanding relationships and using machine learning and predictive analytics to help you maintain compliance and data quality. Blending customer data from all internal and external applications to create reliable master profiles for customers is key. Correlate them with omnichannel transactions and maintain a clear understanding of people’s relationships with organizations, products and other people, and of the type of consent they have granted. Use workflow and governance capabilities to address customer data change and deletion requests with full traceability.
Without these methods, organizations will be hard-pressed to comply with the complete scope of GDPR requirements. Proper data strategies and the use of modern technologies will ensure that you are in full compliance with the law and give customer-facing teams unprecedented access to clean customer data with a deeper understanding of customers so they can engage consumers more effectively.