Yeah, we know: it’s only a couple of weeks since our last GDPR update. But the panic levels are rising because the regulation takes effect in a mere six months from now. And marketers are
trying to make sense of the opposing opinions, differing polls and the welter of new regtech products that help with compliance.
Among those new offerings is one from Gigya, the customer identity management company, which does 45% of its business in Europe. It recently introduced a product called Gigya Enterprise Preference Manager,
which allows firms to manage consent settings and customer preferences, in compliance with GDPR.
As Gigya sees it, the key issue is resolving the identity of those who give and withdraw
permission to use their data. It’s not easy, given the many systems and databases that exist at some companies.
“We work with one major pharmaceutical company in Europe, that
has over 1800 systems internally that contain customers’ personal data,” says Gigya CMO Jason Rose.
Gigya can help companies pull all that data together in a centralized
fashion, Rose says. That means it can determine a consistent identity for all those permissions and unsubscribes, some done on Gmail, some on Yahoo, often with different spellings.
“Technically, it doesn’t matter,” Rose states. “When we have an account that’s logged in different places, we can do deterministic matching based on the device
ID.”
Then there’s Openprise, which claims to be a one-stop shop for companies trying to comply with GDPR. It recently introduced the
Openprise Data Orchestration Platform, which automates data onboarding, data cleansing and enrichment, data unification across systems and data delivery.
It can also help with other
problems—like the fact that some vendors won’t sign data protection agreements (DPAs), assuring users that they are in compliance with the GDPR.
“You need to sign a
DPA that certifies where you got data from and that you’re not breaking any laws,” says Allen Pogorzelski, vice president of marketing for Openprise. “But none will sign a
DPA.”
Why won’t they sign? Because they’re getting the data from many sources. And many companies are buying up data, knowing that “they won’t be able to do
it after May 18th.” Pogorzelski says.
However, Openprise claims it can help, by providing fine-grained data capabilities. If a person only provides an email address and name,
“you don’t know they’re in the EU,” Pogorzelski says. “We can identify EU data if the country field isn’t filled out. And we can control the flow of EU data out of
your company. so you can use third-party data providers even if they don’t have a DPA in place.”
Sadly, GDPR awareness remains dim in some sectors. Openprise fielded a survey of
250 registrants at the recent Dreamforce conference, and preliminary show that the “the vast majority that are responsible don’t know anything about it,” Pogorzelski reports. So
education is part of the mission of all vendors helping with GDPR compliance.Yet U.S. firms with European customers risk heavy fines if they don't comply.
Still another type of service
is offered by BitSight, which functions as a cyber security rating firm, somewhat like a consumer credit bureau.
“If you’re an
organization doing business with hundreds or thousands of different third parties, you want to know the security posture of a company before you go into business with them,” says Jacob Olcott,
VP at BitSight.
Under GDPR, companies are responsible for using compliant vendors. But it’s not easy to achieve that. BitSight offers supply chain risk management with ratings
based on external observations of organizations.
BitSight largely serves the financial and insurance industries, but can help other types of companies.
GDPR doesn’t only affect
consumer marketing.
“There’s no difference at all between B2B and B2C,” says Julian Archer, senior research director at SiriusDecisions, a firm that serves a B2B customer base, offering advisory and consulting services for marketing operations, governance of data, and
compliance with GDPR.
Interest is growing, Archer says. “Six months ago, it was a trickle,” he states. “Now we take four calls a day on GDPR.
Contrary to those
who predict the end of marketing, Archer sees GDPR as an opportunity: It will simplify matters and force companies to look at their processes and data management.
It will also simplify
things.
“There are 28 countries in the EU, and all 28 write their own national laws,” he says. “The GDPR is a European Union-wide law.”
But Archer strongly
recommends using a double opt-in for permission. And he urges U.S. marketers to stop thinking in terms of personally identifiable information (PII), a tiny subset of the whole data picture
GDPR covers “any information that can directly or indirectly identify someone—a chart, an IP address, location, search history—it’s all covered under the EU as personal
data.”
He counsels, ‘Stop using the term PII. You’re not being honest with yourself and not looking at the full scope of things.”
Archer continues that
marketers need not go over it line by line to find “what’s the law in Argentina, or Ecuador or Lichtenstein.” If you have consent, firms like his can help you cope with it.
Finally, let’s look at Identillect, which says it can help firms with the many nuances of the GDPR.
“When you look at regulations,
they all function the same way,” says Todd Sexton, CEO of Identillect. “There are
18 personal identifiers, and they’re asking you to encrypt those identifiers or mask them so
you cannot pull additional info on that person.”
Sexton adds that Identillect is “100 compliant with GDPR,” and that its system is geared to helping clients do all they need
to do to comply.
Had enough for today? Wait—this just in. AxonIQ, a software platform provider for event-driven microservices systems, is offering its
GDPR Module for data erasure such systems. The GDPR requires data erasure—on request, but it is a difficult problem and “stressful for companies who are tasked to implement solutions or
risk severe repercussions," states Jeroen Speekenbrink, CEO and co-founder of AxonIQ. That’s where firms like AxonIQ come in.
One caveat MediaPost does nor endorse or vouch for any
of these services.
We’ll catch up again soon.