Are You Ready for GDPR in 2018?

February 9, 2018

On May 25th 2018, the General Data Protection Regulation (GDPR) will become enforceable. The regulation aims to give control over personal data back to individuals by strengthening and unifying data protection regulation within the European Union. The impact of the regulation will be far-reaching, as it applies to any company that holds or processes personal data of individuals residing within the European Union.

The penalty for GDPR non-compliance is up to €20M or 4% of annual global turnover. The cost of ignoring GDPR is too high, forcing corporations to reevaluate the way they handle consumer data, and to install new processes and technologies enabling the consumers right to “own” their data.

Great customer experiences require a solid understanding of each customer first, so you have to put a “face” to your data. Corporations looking to meet the requirements of GDPR could simply anonymize all of their customers’ personal data. Yet, in a world where delivering superior customer experiences is at the top of everyone’s list, this approach will never enable true customer centricity. Today’s consumers expect products and services to be uniquely tailored to their needs, which in turn, requires an actual understanding of those needs before being able to act. This understanding lies in each individual’s personal data.

Marketers: Why You Need to Care About GDPR

Marketers, specifically, need to be “in the know” on GDPR because it will affect the entire customer experience of your brand.

GDPR enforces the data privacy that your customers demand. A transparent corporation that acknowledges the sanctity of personal data by putting data privacy at the forefront of their customer-centric strategies, is poised to perform better than those companies who don’t. Knowing whether and how your customers would like to receive messages, actions and offers is an opportunity to deliver better, more engaging and less intrusive customer experiences.

Your customer data is precious, and if managed properly and efficiently, it can deliver a significant competitive advantage. If customer data is abused, however, you risk the customer backlash that can cripple your brand’s reputation. Consumers place a great deal of trust in the brands they love. You can reward that faith by displaying competency and transparency concerning your data privacy policies, and by providing them with the most relevant and seamless customer experiences.

What Marketers Can Start Doing Today

There are three different ways you can respond to GDPR:

1) You Can Do Nothing: Non-compliance with the regulation will lead to hefty fines. Companies in breach of GDPR can be fined up to 4% of their annual global turnover, up to €20 million. While this is the maximum fine, and one that will only be imposed for the most serious infringements, a lot can and should be done for a much more palatable price tag. Even if it wasn’t for the fines, the reputational risk and competitive disadvantage should not be underestimated either. Ultimately, customers will no longer want to do business with a company that does not respect their data privacy. With a regulation like GDPR, doing nothing is not really an option.

2) You Can Do It Yourself: An alternative response to achieve GDPR compliance is to “do it yourself.” As with most regulatory compliance projects, the first step is an assessment of your current state and an estimate of the effort it will take to update your current environment. The assessment will require answering questions such as:

  • What customer data do you hold?
  • Where is that customer data stored?
  • Who can access the customer data?
  • How secure is your customer data?
  • For which purpose am I using the customer data?
  • How do I control the customer data?

Companies that have undertaken this assessment, in preparation for GDPR, will come to realize that their customer data flows through a complex and fragmented eco-system of systems, tools and applications, including channel applications, CRM and marketing systems and analytics applications. Remediating the totality of those systems to ensure that you operate in a demonstrably GDPR-compliant way will most likely be a complex, costly endeavor.

Even those companies who have centralized their customer data in a data warehouse will encounter challenges, as data warehouses are not intended to support the operational processes at the customer level that GDPR requires. Companies who are considering master data management (MDM) solutions to address GDPR-compliance will realize that MDM systems can certainly assist in partial compliance, but they, too, will fall short in managing the operationalization of GDPR.

3) You Can Implement a Customer Data Platform for GDPR Compliance: Adding a Customer Data Platform (CDP) to your current technology eco-system could vastly help you gain operational control over all over your customer data in one place, thus allowing you the ability to better organize and understand your data to be complaint with GDPR. Gartner defines a CDP as, “an integrated customer database that unifies a company’s customer data from marketing, sales and service channels to enable customer insight and drive customer experience.”

It’s the CDP’s ability to centralize all the customer data in your company – structured and unstructured, factual and behavioral, from digital online and offline source systems, as well as from your multiple channels and devices – that’s the key to effective and diligent operational customer data management, a pre-requisite for GDPR compliance.

A Next Generation CDP Supports GDPR Compliance and Beyond

It’s safe to assume that as GDPR goes into effect and begins to be enforced, the specific technology requirements will present themselves. While many companies are waiting to see how GDPR will be enforced, laying a nimble data privacy foundation is the best course of action to adjust your treatment of personal data to meet the shifting regulations on data privacy in the EU.

GDPR shouldn’t be a hindrance to customer centricity and the customer experience. Managing GDPR compliance across a fragmented stack of disparate technologies that process personal data is a backwards approach. Effectively managing the privacy of personal data requires a single source of customer record, and a secure system giving granular context to all personal data being processed. You need a single platform to manage customer consent of their data being stored, processed and permission for how that data is used.

NGDATA’s Lily™ provides key features and functionalities that will support your company’s GDPR compliance as a Data Controller and a Data Processor that will and guarantee your customer’s Data Privacy by Design with:

  • Customer DNA
  • Advanced, Purpose-Scoped Execution of Consent Registration
  • Advanced Data Management
  • Advanced Security
  • Data Monitoring and Audit Support

NGDATA is supporting our customers through preparation for the impending GDPR deadline of May 2018. Our next generation CDP, Lily, solves the marketer’s dilemma in the face of GDPR by helping companies manage customer information in one place – for ease in turning information on and off, and using data properly based on consent of the customers. Through Lily, you can shift GDPR from a cost-avoidance issue to a revenue-generating opportunity that has the customer at the center of both privacy and utility.