Why marketers may still need to find a ‘true’ customer data platform?

With all the power of the major CRM packages, this may sound like a stupid question; but we have had multiple clients that use CRM vendors come to us recently because they are not getting the ‘true’ customer data platform, and hence single customer view, they need.

And these clients come from very different sectors including sport, financial services, and charity.

A single customer view that isn’t ‘true’ has some unfortunate consequences.

It becomes very difficult to accurately fulfil GDPR Subject Access Requests if Mr Smith appears several times in the system. It can lead to wasteful and irritating communications such as sending two emails to the same person at the same time. It will mean that you can be treating the same person as a high value customer and as one that has become dormant. It can mean you’re submitting an existing customer to a welcome programme because they changed their email address. It makes your dashboards describing customer recruitment and attrition inaccurate, and so on and so forth.

We believe that the problem has arisen for two key reasons:

  1. the simple one is that the CRMs may let different users set up the same individual multiple times on the system without warnings, unless the contacts provided are absolutely identical
  2. the more complicated one is that correctly identifying individuals is in fact far from simple.

So, you may have an individual with a work email and the same individual with personal email, but they share the same mobile phone number and cookie ID.

They may use a different weekend and weekday name and address, but the same email. Or they may have several devices, hence cookie IDs, but a single email address. And so it goes on.

When we set about designing UniFida, our cloud-based customer data platform, we recognised that correctly identifying people is not only very important, but also very difficult.

So we decided to store as many different types of identifiers as we could. And most importantly to store the history of them, so that we never delete an identifier, unless of course someone is exercising their right to be forgotten.

It does mean that our system has to do a lot more work when new data arrives, because it has to look at all possible identifiers belonging to all personal records before deciding where to place new information.

And that can have interesting results. As well as bringing in new identifiers to an existing record, perhaps a new cookie ID, it can in some cases link together two people whom the system had been previously keeping separate. For instance two different email addresses can be found to have the same mobile phone number, and belong to the same person.

We call the process Purning, because we create a permanent URN, or unique reference number, for each individual, and that stays the same, even if over time all their identifiers may have changed.

As long as we can link a new identifier to an existing one, we know where to put the data that accompanies it.

Anthony and Julian of UniFida

Meet two of our team, Anthony and Julian, demonstrating UniFida.

Contact us if you are interested in a no-obligation chat about how we can help your business.

UniFida logo

UniFida is the trading name of Marketing Planning Services Ltd, a London based technology and data science company set up in 2014. Our overall aim is to help organisations build more customer value at less marketing cost.

Our technology focus has been to develop UniFida. Our data science business comes both from existing users of UniFida, and from clients looking to us to solve their more complex data related marketing questions.

Marketing is changing at an explosive speed, and our ambition is to help our clients stay empowered and ahead in this challenging environment.

The far from simple task of responding to a subject access request

What’s the full process and GDPR requirements when responding to a subject access request?

When individuals call into your fulfilment centre, or reach you via email or letter, with a request exercising their rights under GDPR, they will be triggering what is, in reality, a complex process. They may alternatively be directly accessing your on-line privacy portal, using self-service, but the steps that they will follow will be broadly the same.

 

Here’s a 10 step guide to all the process intricacies involved when responding to a subject access request

 

Step 1: Have all your data relating to each individual that your organisation deals with joined together into a single customer view

This will need to include on-line data you are holding like pages browsed linked to cookie IDs, as well as off-line data such as transactions. To make matters more difficult, the personal data may be held in an unstructured form such as emails or reports. It will be far beyond the capabilities of most organisation to have the unstructured data pre-packaged as part of the single customer view, but you will at least need the capability of searching for it.

 

Step 2: Identify that the individual approaching you is who they purport to be

If they reach you by email or letter, you will most probably have a requirement to verify them by checking on some other identifiers you may hold, to avoid handing over personal information to the wrong recipient or making false changes to the information you hold on someone.

 

Step 3: Be able to access what some people are now calling a consent vault

This is the place where all the opt-ins and opt-outs are held. GDPR has defined the information you need to hold about each consent that has been provided, such as how it was obtained and what statement the individual is agreeing or not agreeing to. The consent vault will, we expect, naturally form part of the single customer view. However, as well as holding the individual consents you will need to interpret them so that you can inform Mrs Smith of what, as things stand, you may or may not use her data for. We suggest developing a set of ‘traffic lights’ that work off the consents already provided, and which give clear guidance about what types of activity may be undertaken by which channel.

 

Step 4: Allow Mrs Smith to change her consents

This is going to be much easier if you have the traffic light system as Mrs Smith will have a clear idea of what is in place for her now, and hence what she might want to change. The new consents or withdrawal of consents will need to be data captured and potentially a record of that change sent to Mrs Smith.

 

Step 5: Mrs Smith asks for a copy of all the information you hold about her

A relatively easy step if you have the single customer view in place, but a much more difficult one if you don’t. And then if you have unstructured data referring to Mrs Smith this will also need to be searched. There are technology tools around to help your search process if the amount of unstructured data is very considerable or spread over several different systems.

 

Step 6: Mrs Smith sees her data and wants to correct it

The corrections will need to be data captured and the changes will need to be communicated to any systems that are upstream of where the single customer view is being held. Good practice will, we expect, be to send Mrs Smith some form of notification of the new details you are holding.

 

Step 7: Mrs Smith exercises her rights to data portability

You will then have to provide her data in machine readable format to another data controller that she specifies. We envisage creating an HTML or equivalent file, and sending it to Mrs Smith by email. The data transferred should include not just data provided by Mrs Smith but data generated by you.

 

Step 8: Mrs Smith exercises her right to be forgotten

In this case, you can maintain any non-personal data like transactions relating to her, but you have to delete or overwrite any personal data like email, mobile phone number, postal address, cookie ID etc. As well as deleting them in the single customer view, you will need to inform the upstream systems of the request so that they can do the same thing.

 

Step 9: Take account of Mrs Smith’s requests when it comes to further processing of her data

She may have opted out of profiling, which means that you will not be able to manipulate her data using algorithms to make decisions concerning what you do or do not want to say to her, or what offers you want to make to her. She may alternatively not have provided positive consent to be emailed, so you must not include her in email campaigns etc.

 

Step 10: Maintain an audit trail of what has been done with respect to responding to her subject access request.

We suggest that these actions are most conveniently recorded as part of the information held in the single customer view. In this way, you can meet any challenges from an individual or the ICO concerning how you are managing the GDPR processes.

 

We have developed our own cloud-based technology, called UniFida, to support clients in fulfilling such individual requests.

Contact us if you’d like our help with this.

 

UniFida logo

UniFida is the trading name of Marketing Planning Services Ltd, a London based technology and data science company set up in 2014. Our overall aim is to help organisations build more customer value at less marketing cost.

Our technology focus has been to develop UniFida. Our data science business comes both from existing users of UniFida, and from clients looking to us to solve their more complex data related marketing questions.

Marketing is changing at an explosive speed, and our ambition is to help our clients stay empowered and ahead in this challenging environment.