In Part 2 of our blog series on GDPR, we talked about why marketers need to care about GDPR because it affects the entire customer experience.
There are three different ways you can respond to the regulation, which is set to become enforceable in May of this year:
1) You Can Do Nothing: Non-compliance with the regulation will lead to hefty fines. Companies in breach of GDPR can be fined up to 4% of their annual global turnover, up to €20 million. While this is the maximum fine, and one that will only be imposed for the most serious infringements, a lot can and should be done for a much more palatable price tag. Even if it wasn’t for the fines, the reputational risk and competitive disadvantage should not be underestimated either. Ultimately, customers will no longer want to do business with a company that does not respect their data privacy. With a regulation like GDPR, doing nothing is not really an option.
2) You Can Do It Yourself: An alternative response to achieve GDPR compliance is to “do it yourself.” As with most regulatory compliance projects, the first step is an assessment of your current state and an estimate of the effort it will take to update your current environment. The assessment will require answering questions such as:
- What customer data do you hold?
- Where is that customer data stored?
- Who can access the customer data?
- How secure is your customer data?
- For which purpose am I using the customer data?
- How do I control the customer data?
Companies that have undertaken this assessment, in preparation for GDPR, will come to realize that their customer data flows through a complex and fragmented eco-system of systems, tools and applications, including channel applications, CRM and marketing systems and analytics applications. Remediating the totality of those systems to ensure that you operate in a demonstrably GDPR-compliant way will most likely be a complex, costly endeavor.
Even those companies who have centralized their customer data in a data warehouse will encounter challenges, as data warehouses are not intended to support the operational processes at the customer level that GDPR requires. Companies who are considering master data management (MDM) solutions to address GDPR-compliance will realize that MDM systems can certainly assist in partial compliance, but they, too, will fall short in managing the operationalization of GDPR.
3) You Can Implement a Customer Data Platform for GDPR Compliance: Adding a Customer Data Platform (CDP) to your current technology eco-system could vastly help you gain operational control over all over your customer data in one place, thus allowing you the ability to better organize and understand your data to be complaint with GDPR. Gartner defines a CDP as, “an integrated customer database that unifies a company’s customer data from marketing, sales and service channels to enable customer insight and drive customer experience.”
It’s the CDP’s ability to centralize all the customer data in your company – structured and unstructured, factual and behavioral, from digital online and offline source systems, as well as from your multiple channels and devices – that’s the key to effective and diligent operational customer data management, a pre-requisite for GDPR compliance.
NGDATA is supporting our customers through preparation for the impending GDPR deadline of May 2018. Our next generation CDP, Lily™, solves the marketer’s dilemma in the face of GDPR by helping companies manage customer information in one place – for ease in turning information on and off, and using data properly based on consent of the customers. Through Lily, you can shift GDPR from a cost-avoidance issue to a revenue-generating opportunity that has the customer at the center of both privacy and utility.
This article is Part 3 in our blog series about GDPR, and what you can do to prepare and use the regulation as a foundation for digital transformation. Stayed tuned for Part 4 in this series.