Data Privacy and Security

GDPR: How marketing can save compliance

This is a contributed piece from Martin James, Regional Vice President, Northern Europe at DataStax


The traditional view of Marketing and Compliance teams would be that Marketing continually pushes the boundaries while the Compliance unit tries to keep them from going over the edge or jeopardising data. While Marketing is able to try new things and use data in ways that can benefit the company, Compliance teams have to be on hand to ensure that activity does not risk customer data loss or theft.

The European Union’s General Data Protection Regulation looks like another set of rules that the Compliance team will have to bear in mind. Due to come into force in May 2018, all companies with customers resident in the European Union will have to comply.

So will this be another set of regulations where Compliance will have to curtail Marketing? In fact, no.

Building a single customer view

One of the big changes within GDPR is that all customers will have the right to have their data records deleted by an organisation if they request it. This doesn’t just apply to the data within the CRM system; it covers all customer-related data within all systems. According to the latest interpretations of the Article in question, this data deletion should include all copies of the data records around that customer.

To quote Article 17: “The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data …”. While there is a provision that archive copies of data required “for compliance with a legal obligation to retain the personal data by Union or Member State law to which the controller is subject,” this does mean that all other records and references have to be deleted.

The biggest challenge here is that customer records can be held in multiple places. Alongside any central customer relationship management service, data on customers can be within specific applications and customer support systems. In a bank, for example, a customer’s savings account records would be separate from their mortgage or credit card account. Each of these systems is its own silo, with attendant copies of data for backup and archival. Each one may have its own customer support system that does not link up to the central customer record too.

For companies in other sectors, website accounts or applications may create their own records on customer activity. Retailers find it difficult to get a complete picture of their customers across multiple channels such as mobile, internet and in-store. Each of these can represent a set of personal data that has to be tracked over time.

These silos of data should be used to build up a personalised insight into each customer called a Single Customer View. By putting SCV in place, marketers should be able to connect more effectively with customers or prospects. However, the SCV can also be used for compliance too.

If and when a request for data deletion comes in, the SCV should provide a complete set of records that can be used for managing the request. This level of insight should improve marketing performance, but it can also dramatically reduce the amount of work required to comply with one of the key pain points in GDPR.


Building the business case

GDPR has got a much larger degree of recognition within senior leadership teams than most compliance regulations normally achieve. To a large extent, this is due to the sheer size of the potential fines that can be levied if data is lost or stolen and put at risk. The prospect of being fined two to four per cent of global turnover should ensure that business leaders and C-level executives support any initiatives to prepare for compliance.

However important this is, the link between marketing and compliance should make the business case around data handling and single customer view easier as well. For example, companies without a single customer view project in place can take advantage of the budgets set aside for compliance. Where legacy applications containing customer records exist, these can be linked up for compliance and more business benefit too.

Conversely, compliance teams can start conversations with marketers around their GDPR responsibilities and get insight into whether single customer view projects are in place within the business. If they are not, then providing this can support marketing departments with more efficient use of data in the future; if they are in place already, then making them “GDPR ready” should make life easier for both teams.

It will also be possible to estimate how many sources of customer data exist within the business, and the amount of time to process a request for data deletion. Depending on the level of manual intervention required, the cost for IT staff to process each request properly within each system could be hours. Estimating the result of automating these steps to delete across each system should provide a benefit in terms of time saved, on top of not needing each system to be checked for records in the first place.


A single-minded approach to data

GDPR can potentially have a big impact on how businesses run their operations, from affecting contracts with suppliers and agencies through to how customer data is handled. For some that were already following data privacy best practices, this will be more ‘business as usual’ than the huge re-engineering process that many face. However, getting that single customer view in place should make this all easier.



« Greg Gianforte and the rise of the technocrat


Data science needs a place on the STEM curriculum »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies


Do you think your smartphone is making you a workaholic?