May 16, 2018
Two years ago, the European Union (EU) Parliament approved the General Data Protection Regulation (GDPR) to protect and regulate the data of EU residents. The step was taken to counter growing data privacy breaches and to protect individuals' personal information.
The GDPR will be implemented across the EU on May 25, 2018, and will replace the Data Protection Directive 95/46/EC. The new regulation is designed to protect and empower the data privacy of all EU citizens and to harmonize data laws in Europe. It will also help reshape the way companies approach data privacy across the EU.
Key Changes in GDPR:
The objective of GDPR is to protect the region from data and privacy breaches in the growing data-driven world of the 21st century, as the dynamics of the data industry differ greatly from 1995, when the directive was implemented. The aim of both regulations, however, is largely the same: to protect against data and privacy breaches.
One of the biggest changes is the increase in the territorial scope of the GDPR. The new regulation will apply to all organizations that process the personal data of citizens residing in the region, regardless of the organization's location. Previously, the rules were limited to companies located in the Union.
GDPR has made it clear that the new regulation will apply to the processing of personal data by processors and controllers in Europe, whether the processing takes place in the EU or not. The GDPR will also apply to processors who provide services and goods to EU citizens, irrespective of payment.
Fines and Penalties:
In GDPR, regulators have adopted a strategy of penalizing offenders with heavy fines. Under the new regulation, companies that breach the GDPR will be fined up to 20 million euros or 4% of annual worldwide revenue (whichever is higher).
This is the maximum fine, which can be imposed for the most serious kinds of offense, i.e. processing data without sufficient consent from the customer. It will also be imposed if an organization violates privacy-by-design concepts.
Under the upcoming GDPR, the requirement to obtain consent from the customer has been strengthened to protect customer privacy. Organizations will no longer be able to use illegible conditions or impose long terms.
Companies need to request the customer's consent in an easily accessible and intelligible form, with the purpose of the data processing attached. Consent should be clear and distinguishable from other matters, and use plain and clear language.
Under GDPR, it is mandatory for all companies to send out a breach notification within 72 hours of a data breach. Processors are also required to notify customers and controllers after first becoming aware of any kind of breach.
With the few differences mentioned above, GDPR will be implemented on May 25 this year. With these significant controls, one can expect some relief from data breaches in the future. However, these strict steps may harm data-processing companies and may make it difficult for them to work in the EU.
CDP & GDPR:
A CDP, or “Customer Data Platform”, is a marketer-based platform that provides a persistent and unified customer database. It is a management system that is accessible from other systems as well. In the CDP, data is taken from different sources and then cleaned and combined to create a single profile of the customer.
Usually, the CDP is used by the marketing department to give the marketer a single profile of each customer, which provides a competitive view of every customer. This helps the marketer offer tailor-made products, services, and messages and market to the customer effectively.
However, a CDP is not used solely for marketing purposes. The management system can also be used to provide support, analytics, and fraud detection. This is possible because the CDP is designed to allow other systems to use its data with permission from the data controller.
Other capabilities of a CDP are flexibility in terms of data usage, connection to any data system, retention of the original data from its source, and quick access to the individual customer. These are the core capabilities that make a CDP work perfectly with GDPR.
Fortunately, the CDP's core functions, which include linking data and finding the data for a specific customer, are strong enough to support the GDPR. This is exactly what is needed to meet the GDPR requirements for sharing, assembling, deleting, and correcting personal data. The linking capabilities of a CDP are helpful because marketers need a customer-specific view for effective marketing. GDPR uses the same linking capabilities for a different purpose, which is a valuable coincidence.
In the past few months, CDPs have also gained momentum as investors pour money into the systems, which they call customer-relationship management platforms owing to their ability to provide a single view of the customer across multiple devices.
Venture capital is also funding CDPs. In Series C funding last October, Bluecore raised $35 million. The same amount was raised by mParticle a month earlier, last year. Another company, Segment, raised $64 million in Series C funding a year ago.
Although the CDP market is defined, experts believe CDPs are likely to be acquired by ad-tech companies in the coming days owing to the convergence of marketing tech and ad tech. Furthermore, experts believe CDPs are in high demand in the market right now and are likely to go up further owing to that demand.
Usefulness of CDP in GDPR:
A CDP helps support many GDPR requirements in the following ways:
The first is identifying the source. Identifying the source of data is built into a CDP, because building a CDP requires finding out which organizations gather customer data and what kind of data they have stored. This helps map out the data flows for GDPR processes, which also require a complete inventory of the customer's data caches.
A CDP connects with data sources, unlike static data, which can easily become outdated. The CDP actively updates data from source systems and also feeds data back to the sources. This requires CDP operators to watch for any changes in the source systems and ensure their connections remain functional. This capability supports the GDPR requirements of correcting data and, in some cases, deleting data, which also depend on functional connections to the source data.
A CDP has always created a central copy of most customer data, which helps to assemble data. The CDP can also read data that remains outside the CDP. This makes it easy to assemble the complete set of personal data for correction, review, and export. The linking capability of the CDP helps assemble customer data across different devices.
Auto-Correction of Data:
Many CDPs help correct customer data by creating a golden record, which identifies the most accurate information, such as the customer's name, address, and status. This information can be sent back to the source system for correction. This capability is also required by GDPR. It also decreases the chance of providing wrong information to the customer.
A CDP can be used to track the authority that collected the data and where the data has been used. It helps document the authority of the management system and helps find out where a data breach occurred. This may include links to contracts, personal consent, government regulation, and legal opinion, along with other details. The system can also provide small details such as expiration dates, indicating when authority is time-limited.
Having this kind of information assembled and tracked helps to efficiently determine how data is used. A CDP can also be set up to receive only GDPR-compliant data by applying consent status to data functions. This reduces the system and operational complexity created by implementing this in individual systems.
A CDP is very useful for managing data across different devices. It helps track how data is shared with external processors, internal systems, and third parties. This makes it easier to enforce rules ensuring that data is only used in an authorized way.
A CDP also maintains a history of data use, which is also a GDPR requirement, and can provide that history whenever required.
GDPR requires systems to be designed with privacy in mind. A CDP supports this requirement by giving centralized access to data, allowing different systems and devices to share data without entering one another's systems.
This keeps the data stored in one place, which reduces its exposure across different systems. It also means that the use and tracking of authorized systems can be managed in the CDP, reducing the risk of non-compliance and complexity.
A CDP has the following additional benefits beyond meeting GDPR requirements.
The CDP can give access to external systems, as it is designed to provide data to other systems as well. This helps coordinate customer data across multiple devices and personalize messages within each channel. Predictive models, attribution, and artificial intelligence can also benefit greatly from the easy connections.
A CDP is a cost-effective system because it is packaged software. This means it has built-in features that an IT department would otherwise need to develop. The features include tools, source systems, APIs that reduce the complexity of connecting to new systems, data cleaning, data identification, data matching, and marketing, along with other features. Compared to other packaged software, a CDP is reliable, cheaper, less risky, and fast to fulfill the requirements.
The CDP works independently, as it takes data from different sources without giving access to another system. This makes it easier to replace an old system when required, reducing the risk of losing customer data stored in another system. It also never disrupts other systems, and it is the best system for organizations that require sophisticated systems.
In The End:
Organizations still need to modify their systems to adhere to the upcoming GDPR regulations. Companies need to develop operational systems that can avoid unauthorized data, collect correct consent, and delete or change data in the system when needed.
Companies will also need to review their business partners and processors to make sure they comply with the updated GDPR and provide security. A CDP is one of the solutions that can address many of the challenges posed by the upcoming GDPR, while also assembling data to provide a single view of customer data. Organizations that still do not have a GDPR solution in place are running short of time. They should carefully review whether a CDP can be part of their final design, as the deadline is just a few days away.