Blog

CDP & GDPR – A Match Made in Scrabble Heaven

November 6, 2017

There are already a number of different pieces of UK legislation that cover data protection and data security. The predominant one currently is the Data Protection Act 1998 (DPA). We also have the Privacy & Electronic Communications Regulations (PECR… no sniggering at the back!), as well as others that cover individuals’ privacy and data protection. And unless you have been living under a rock or are perhaps, a contestant on Love Island, you will also know that we have the General Data Protection Regulations (GDPR) coming into force in May 2018.

Now if you add all these acronyms up, not only can you get a pretty decent Scrabble score (my best was 6 letters – read to the end for my word), but you also have rather a lot to think about when it comes to data security.

A quick re-cap if you don’t have your GDPR notes in front of you; from May 2018 individuals about whom you hold personal data will have the following rights:

  • Access
  • Rectification (… you’ve got to fix it if it’s wrong!)
  • Erasure (no, not the right to listen to 80’s pop)
  • To restrict processing
  • Portability
  • And the right to restrict profiling

All of which needs clarification by the powers that be over the next 11 months but one thing remains certain… your data platforms need to be able to achieve all of the above.

Introducing….

Wouldn’t it be great if you had somewhere you could put all your customer data that would address many of the regulations, existing and future, allowing you more time to get on with using that data for some brilliant marketing?

Drum roll please….

It’s called a Customer Data Platform (or CDP).

Now, you may be saying to yourself ‘Enough with the acronyms! I am still trying to work out what 6-letter word you had earlier in this article’! But hear me out, and I’ll explain how a CDP can help you, particularly in regards to some of the upcoming regulations in the GDPR.

I am not going to explain the benefit of a CDP from a marketing point of view. This is done far better in other articles on this site. What I will say is that a CDP is an evolution of a traditional customer database that combines data from multiple platforms to give a single view of the customer. It utilises profile, transactional and past behavioural data to predict future customer behaviour, all the while being marketer controlled and easy for external systems to push data in and pull data out from. It is intelligence driven marketing at its very best.

How does a CDP help with GDPR?

On top of this, there are some added benefits from a compliance point of view, particularly with GDPR in mind.

Subject Access Requests

Currently the DPA legislates for Subject Access Requests (the ability for a person to request all data from you that you hold on them). However, the GDPR will remove the ability to charge for this access and limit the time you are allowed to provide this data (a maximum of 1 month).

Having all your customer data in one place makes it more efficient to extract. You won’t need to engage your tech team to trawl though multiple data silos and you won’t need to spend hours collating all that information and putting it in a presentable format. If even 0.5% of your current customers asked for all the data that you hold on them, how much time and resource do you think that would currently take you to comply?

Consent

One of the main tenets of GPDR is more informed consent, but not only does it deal with whether you have gathered permission, it is also concerned with how you have gathered it. Not only that but the onus is on you to store and record how consent has been gathered. A CDP will store all this information and tie it all to the individual so it can be easily evidenced.

Audit trail

Linking back to the storing of consent, a good CDP will also store a complete audit trail of marketing permission, so a single customer state of consent can be shown at any given moment in their life cycle.

Using a CDP will mean all your subscription status’ and suppressions will be consistent and up to date across all of your customers.

In addition, the CDP will maintain a ‘single source of truth’ of your marketing consent and will make it easy for your other systems to access this ‘truth’.

Security Access

Another facet of a good CDP is controlling access to stored customer data, particularly PII – Personally Identifiable Information. A platform like RedEye’s CDP can be accessed by external systems but only with the correct security privileges for access or secure methods for transfer such as SFTP. This is especially useful for areas of legislation that cover data protection and data security, meaning you will be mitigating your risk of a data breach.

Summary

Under the GDPR, breaches of some of the provisions could lead to increased fines of up to €20m or 4% of global annual turnover, so it is essential that you are doing all you can to mitigate your risk. At the same time, you are building trust with your customers by collecting, processing, storing and using their data in a transparent, respectful and legal way. A good CDP will help with many of these issues.

Finally, the 6-letter word was ‘carped’. Can you do better?

PS – we know there’s a potential 7-letter word, but we’re concerned we’d offend your delicate sensibilities with that one!

Questions or concerns over GDPR? Contact us now and we will try to answer your questions.