How Can a Customer Data Platform Help with GDPR Compliance?

May 31, 2017

As I write, we are just under a year away from the date when the new General Data Protection Regulation (GDPR) comes into force across Europe.

In the UK, GDPR will supplant the Data Protection Act, which was first introduced in 1998 – a year, remember, when Google when was still in its formative years and Facebook was a twinkle in a then 14-year-old Mark Zuckerberg’s eye. I think we can all agree that the online world has moved on significantly since then and reforms to data protection laws are well overdue. However, that’s not necessarily to say that marketers will be pleased with it.

While GDPR is EU legislation, the significant changes to the way that marketers collect, process and use consumer personal data will affect marketers around the globe. Essentially, if your organization handles and uses the personal data of any EU citizen then it will need to do so within the guidelines of GDPR. The UK Brexit will not change the need to adhere to it. Operating outside of the European Union will not remove the need to follow it.

Despite this, companies worldwide (and a worryingly large number of them in the UK) seem completely oblivious or ignorant to the repercussions GDPR will have to their ability to acquire marketing consent, profile their customers, and how enhanced data rights of customers could change how they do business.

This ignorance is even more concerning when you consider the swingeing fines a business could face for contravening GDPR. Punishment can be as much as 4% of a company’s global annual turnover, or €20 million ($22 million), whichever is greater. For Facebook for example, that could mean a penalty that costs it $1.1 billion.

Staying compliant in the face of GDPR will require far more diligent data management, and this is where a Customer Data Platform can really benefit. For example:

Unified data is more efficient to extract: One peril faced by businesses are the changes to be made to Subject Access Requests (SARs). This is where a consumer can ask for all the data you hold about them, how long you’ve held it for and with whom you’ve shared it. They can also ask a business to rectify incorrect data and insist the erasure of data collected unlawfully, unnecessarily or which has since expired.

Previously, requesting a SAR came with a fee and a generous deadline to produce the report. After GDPR, businesses cannot charge for a SAR and the request must be completed within a month. Should the subject find any use of their data that distresses them, they have the right to claim compensation.

Say you have a million customers and just 1% of them demand a SAR. Say it takes one person four hours to collate the data. That’s still thousands of manpower hours, even before any potential compensation crisis.

However, if a CDP keeps your customer data in a unified marketing database (which it should do), this will make finding and extracting the personal data far easier (and quicker) than scouring countless individual databases.

Database audit trails improve compliance: If a data protection governing body asked you how and when you obtained consent to send them marketing communications, could you do it? Could you easily provide evidence to show how long you keep records, and to any third parties you’ve supplied them?

In the same way the Single Customer View (SCV) process makes replying to SARs more efficient, all good CDPs should create an audit trail to demonstrate your compliance and provide evidence should anyone question your marketing practices.

Thankfully, with a CDP using consistently refreshed and aggregated data, all your customer records should be compliant to the latest suppressions and unsubscribes anyway. Which should mean you are only communicating with permitted people.

The BlueVenn CDP takes GDPR permissions even further, with the ability to mask data within sensitive fields. This means personal data is hidden from any data exports or campaign outputs (so it cannot be accidentally used), while still making it usable for analysis or counts.

One positive to take away from using a CDP to better manage your data is that you are treating your customer data with respect and their increased trust in you should make those who consent to your marketing far more willing to share the details that help you do your job better.