A Marketer's Guide to GDPR: 3 Practical Tips for Compliant Personalization

Nov, 20 2018

AdobeStock_181379251Note: This article as originally published in CMSWire

Marketers can be quick to hit the panic button at the first mention of the European Union’s General Data Protection Regulation (GDPR).

The dream of orchestrated, omnichannel personalization initiatives is finally hitting its stride, thanks to the emergence of new marketing orchestration technologies that work like customer relationship management systems, and to the abundance of first- and third-party data. But now marketers have to wonder whether the GDPR will put an end to personalization.

Worry Free Personalization

But they shouldn’t worry. In fact, the EU regulation might actually be the permission marketers need to personalize even further, for those customers who enjoy the benefits of personalization. Now, marketers don’t have to constantly worry about personalization becoming too intrusive, because the GDPR provides a mechanism for giving people choices — and the customers who choose to opt in to receiving personalized messages will be those who are highly engaged. In fact, the GDPR basically requires companies to adhere to the same best practices that email marketers have been following for years: that is, customers have a right to opt out.

But outside of email, marketing systems and practices were built around collecting and processing data that doesn’t include any direct feedback mechanism from customers. This worked well in the era of mass-customized marketing, but now that personalization efforts are becoming so granular as to target individual customers across multiple channels, people require a “delete” button or other feedback mechanism to improve how a brand would interact with them. Unsubscribing from emails is no longer enough.

Here are three practical tips for omnichannel marketers who want to continue to use personalization while complying with the GDPR.

1. Establish Excellent Customer Data Quality

In terms of ensuring GDPR compliance, establishing a mechanism that gives customers a way to submit requests for deletion is the easy part. Most marketers will work with their internal IT departments and external vendors to develop this functionality. But the more complex issue is identifying the trail of information necessary to ensure that customers’ requests are honored.

There are a lot of systems that exchange data about customers, both directly and indirectly. If the information about a customer is partial, or if a record contains the wrong information, this can make honoring a delete request impossible. For example, noncompliance could occur if you have two records for a customer, but the customer provides information that only partially matches one of the records. In such situations, you could fail to delete all of the records.

The best way to ensure excellent data hygiene is to use a customer data platform (CDP). But it’s important to distinguish between the role of the CDP and the role of the company using the CDP. As a downstream system, a CDP doesn’t erase anything in the source systems — that responsibility lies with the company. But what a CDP does provide is the linkage — the cleansed, deduplicated records — of customers across different source systems, making it easier for the company to go to the source systems and delete those records.

For example, using only the phone number for a customer who has requested to be deleted, a CDP can match that phone number to all other records and systems connected to that customer. This takes the worry and hassle of having to identify a single customer across multiple siloed systems out of the hands of the marketer and puts it into a technology designed to create a single source of customer truth. A CDP will delete records from its own system and give the marketers what they need to delete the records from all other systems.

2. Maintain GDPR Compliance as Part of a Broader, Cross-Functional Team

Marketers aren’t in this alone. Nor should they be. Most marketers underestimate both the scope of the GDPR and the rigor required to comply with it. They need a team to help them. GDPR compliance starts with an assessment of data assets affected by the new regulation. Brands should put together cross-functional teams of legal, marketing and technology experts to cover all aspects of the project to comply with the GDPR. The new law needs to be interpreted within the context of how a business operates, and marketing needs to work with legal and finance to determine which risks are acceptable and which are unacceptable.

3. Establish the Right Handoff Between Systems to Ensure Profile Deletion

For omnichannel marketers, data lives in multiple silos. Brands using a customer data platform have the benefit of a central, clean repository for all customer data. This comes in handy for GDPR compliance. When a customer submits a request to be deleted, a centralized system like a CDP receives and validates the request and then finds corresponding duplicate identities, acting as air traffic controller for the request. But, because each system expresses profile attributes differently, each individual execution system (e.g., website personalization system, mobile push notification system, etc.) needs to erase identities in its own way. The role of central customer repository is easily fulfilled by a customer data platform. The process for proliferating the deletion across all the execution channels will be determined by the cross-functional GDPR team.

Reap GDPR Benefits

The GDPR will benefit your brand’s relationships with customers, and it will help marketers more effectively personalize, because they will be reaching an audience that wants personalized experiences. If marketers put together a cross-functional team dedicated to ensuring GDPR success, and if they use a tool like a customer data platform to resolve identities, ensure data quality and maintain a central source of customer truth, they can reap the benefits of offering personalized messages to a highly engaged and responsive audience.