Complying with the European Union’s forthcoming General Data Protection Regulation (GDPR) will present challenges, but it will also provide an opportunity to take a holistic, intelligent and automated approach to customer data management.
That’s because the GDPR is not just a compliance, data, security or risk issue. It’s all of those and more. And as a part of an overarching data management strategy for compliance, master data management (MDM) can play an essential role alongside data governance, data quality and data security.
Consent Opens the Door to Trust
Permission-based marketing will take on a whole new meaning when the GDPR goes into effect this May. While many legal teams and marketers are working diligently to document existing workflows, processes and how personal data is being used, many will soon need to consider how to manage and act on customer consent at a deeper level of specificity than ever before.
The new regulation states that companies can only use people’s personal data in marketing, sales and other data-driven activities if individuals (or “data subjects”) consent to let them do so “by a statement or by a clear affirmative action.” Consent given by data subjects must be unambiguous and sometimes explicit. (You can read more about consent in the article “Top 10 Operational Impacts of the GDPR: Part 3 — Consent” by information privacy expert Gabe Maldoff.)
While securing consent from customers is a seemingly daunting task, there is an upside. With this requirement, the GDPR provides an opening for organizations to build trust in the marketplace, position themselves competitively and stand apart in the hearts and minds of their customers.
The downsides, of course, include the financial penalties companies can incur if they fail to abide by the GDPR’s consent requirements, and the erosion of customer loyalty they will experience if authorities determine they used customer data without consent. Both of those drawbacks point toward the value of investing in a solution for managing and sharing consents centrally.
Related Article: Marketers Are Missing the Point of GDPR — and the Opportunity
A Record of Clear and Certain Consents
Marketers have traditionally captured consents across multiple silos, applications, channels and locations. Customers agreed to allow companies to use their personal data broadly and generally, without clear definition or understanding of what data would be collected, how it would be used and who would have access to it — including third parties.
The GDPR will change all of that — if it hasn’t already.
Organizations that interact with EU data subjects, will need to define the “what, how, who and why” of the personal data they process about data subjects. These policy definitions will serve as the foundation for customer consents, which should be plainly stated and accurately captured, typically in a data governance solution designed for collaboration and stewardship.
Sales, marketing and legal teams will want to be confident that they are respecting individual data subjects’ preferences. Ambiguity in policy and use will create a risk that the data that marketers need will become too controlled and restricted, and it could slow emerging customer-centric strategies and have a detrimental impact on customer experience initiatives.
To avoid internal and external chaos and confusion, companies will need clear and certain means of capturing, storing and communicating consents across channels and interactions. Gaining confidence in the consents granted relies on access to explicit details, including a robust history of all consents, both given and withdrawn.
Related Article: What Marketers Should Know About the GDPR
How MDM Plays a Part
We commonly think of master data management (MDM) systems being used to deliver trusted, unified views of customer data. But the capture and management of consents and consent life cycles for GDPR compliance is a natural extension of MDM.
MDM automates and centralizes management of business-critical data with native functionality designed to reconcile, govern, relate, secure and share high-quality, trusted data.
A consent management strategy that includes using MDM to consolidate all relevant data on a data subject into one common record can help reveal conflicts and ambiguities across records. MDM can lessen the organizational burden to deliver only the data that is needed across teams, locations and lines of business.
As part of an overall data management strategy, the native capabilities of MDM can help marketers and legal teams deal with organizational implications of GDPR compliance, such as these:
Centralized view of the data subject and consents: When establishing data protection by design and default, MDM can become a common source for systems to capture and retrieve consents. The advanced match-and-merge capabilities of MDM would link data subjects’ data across systems, and hold a complete record of all consents provided, refused or withdrawn.
It also makes it possible to manage the status of consents themselves, linking to or indicating the original source of the consent (versions, expirations, renewals, etc). MDM affords a level of accountability across current and past states of consent, including when specific consents were provided, updated or withdrawn by data subjects.
Multidomain capabilities: Most CRM systems manage customers and prospects only, whereas MDM systems have the ability to manage customers, prospects, contacts, employees, partners, etc. Therefore, MDM can also support consents from data subjects with multiple roles, such as a customer who is also a partner.
Moreover, MDM can manage multiple consent purposes and conditions to support common processes, purposes or conditions. This would be useful at a level of granularity where a purpose may be a marketing communication or billing notification, and a condition might specify a particular email address that should be used for each purpose.
Workflows: As consents are added, updated or modified, the workflow component of the MDM process becomes more crucial. Workflows extend data governance capabilities to include support for reviewing consents and approvals, uphold data retention periods and execute data subjects’ rights in a thorough and consistent manner.
A complete service layer: The publishing and integration capabilities of MDM further support data protection by design and default by allowing applications to consume data subject and consent information. While data minimization can be further enhanced by an ability to filter personal data for each action or purpose, and based on the consents provided.
For example, MDM can provide data stewards and privacy managers with control of, access to and traceability of the data that’s contained within the MDM solution, helping these teams work toward data minimization and ensuring the correct subset of master data is made available when needed or requested and across multiple purposes.
Related Article: 11 MarTech Vendors Reveal GDPR Compliance Plans
A Building Block to a Larger Customer Data Strategy
Extending the scope of data that’s centrally managed in an MDM system often leads to other tangible and intangible benefits. Not only does MDM fuel an accurate and consistent experience while reducing the costs of compliance, it also delivers on the 360-degree customer view that has been elusive to many marketers.
The 360-degree view provided by an MDM system can also help minimize the time and effort needed to respond to queries from individual data subjects and regulators, and it provides the agility to adapt to future requirements and regulations for data protection.
By correctly mastering customer consents, organizations will be better positioned to understand the boundaries associated with customer data and thereby build customer trust. As a means of optimizing growth, improving products and services, and delivering great customer experiences over time, MDM will continue to be an essential component of any data-driven marketing strategy.