Over the past year, the General Data Protection Regulation (GDPR) has become the top priority for me and people like me who work with European customer data. Digital transformation projects have been paused and marketing has been refocused on checking that appropriate customer permissions are available and privacy notices have been refreshed. All to ensure that brands are complying with the new regulation and don’t face any penalties. Redpoint Global’s leadership position in the customer data platform space has taken me into many conversations about the impact and benefits of GDPR.
My conversations with organizations from outside Europe have been the most thought-provoking. The questions and understanding of GDPR can often be seen through a narrow lens.
- Why should I be bothered; isn’t this is just European bureaucracy?
- It can’t be that difficult; isn’t it just implementing the right to be forgotten?
- I have a tick box when people sign up for newsletters – doesn’t that make my organization compliant?
- If I implement this software/product then won’t I be compliant with GDPR?
- This doesn’t apply to my organization – we store the data outside of the EU.
This reflects a limited perspective about GDPR, and one I’d guess is rooted in the regulatory compliance side of the business. Based on hearing similar things from European and non-European organizations, I’d say there are two core challenges: understanding the scope of GDPR and understanding the benefits of GDPR for both consumers and brands.
GDPR for Non-Europeans
In terms of scope, GDPR is designed to codify into law that a consumer’s data belongs to the consumer, even if it is collected and held by an organization. This new standard gives the consumer several rights over their own data: to be informed what their data will be used for; to be forgotten if they ask; to correct any errors in their records; to transfer data from one brand to another; and to consent to any data collection.
As a direct result of GDPR defining these rights, consumers have become more comfortable interacting with brands who collect their data. Recent research found that 62 percent of consumers are now more confident sharing data with businesses, which in itself is huge for the state of commerce. A more confident consumer is fundamentally one more likely to be comfortable doing business with you. They’re also more likely to share data you can use in your marketing.
That’s key to understand: GDPR doesn’t mean brands can’t collect customer data, which is a common misconception I’ve heard a few times. What it means is that brands need to be transparent about their data collection and tell consumers in plain language why they’re collecting data. The old standard of “continuing to use our site means you agree to data collection” doesn’t apply in these situations anymore. Brands need to be affirmative in what they’re doing, and for what reason, because now consumers can decide whether they’re comfortable with data collection or not.
GDPR’s Benefit to U.S. Retailers
As a European, I walk into a U.S. retailer and expect to receive the best customer service in the world. Retail shops in the U.S. have centered the customer experience – at least at the store level – and many of them succeed at providing good in-person customer service. GDPR provides a framework for how to replicate that on the digital side, which means it ultimately allows retailers to have a more open and honest digital relationship with customers. From my perspective, the ability to have a richer relationship with customers is always a good thing.
Before brands can have that more honest relationship with customers though, they need to fix their data. Recent research found that 92 percent of organizations have 16 to 20 data sources, with that data spread across multiple locations in multiple formats. GDPR creates an opportunity to resolve these data silos and make it easier to access customer data across the organization. That data, once cleaned, needs to also be accessible to every person and every solution that needs it.
This is why a customer data platform (CDP) is a powerful addition to the marketing stack. CDPs are designed to link siloed point solutions into a single data portal, at speed, into a central command center. The idea here is to create a unified customer profile, what Redpoint calls a “golden record,” from siloed customer data and make it accessible to business users at the speed of the customer. When your customer data is unified through a CDP, that means you’re aware of where that information is in the organization. Knowing where your customer data is streamlines complying with GDPR because you’re able to assure customers that you can fulfill the regulation’s requirements, including the right to be erased. The golden record of a CDP also allows brands to be more customer focused, with the information business users need to orchestrate relevant interactions at business users’ fingertips.
The GDPR is fundamentally a customer bill of rights designed to put the ownership of PII back in the hands of the customer. It’s far easier for U.S. retailers to consider GDPR from this perspective – especially because complying with the rule is fundamentally about having an honest and open relationship with your customers. Really, is it ever a bad thing to tell customers in clear language what you’re doing with their data?