[[{"@context":"http:\/\/schema.org","@type":"Article","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article","articleBody":"We live in an era of data \u2013 from minor transactions to the biggest behavioral groundswells. As data becomes more central to marketing and strategy, the issues of data compliance, consent, and intent can become roadblocks. While a swath of companies use customer data management to deliver exceptional experiences, many are still figuring out where to start.\nWhat is data compliance? The definition of data compliance is an all-encompassing term referring to the practices and industry standards that are in place to ensure customer (and company) data is secure \u2013 protected from data theft, misuse, and loss. The term also refers to the regulations \u2013 like GDPR and CPRA \u2013 that dictate how data is collected, managed, and stored within organizations.\n \nWhat is CPRA? California Privacy Rights Act: Basics and Overview\n As CPRA and the privacy-first web continue to gain traction, organizations need to adapt. Customers demand transparency about the collection and use of their personal information. Planning now saves you fines and headaches in the future. \nSo, how do you make sense of customer data?\n It can feel that data is infinite. A customer data management plan with a customer data platform can create order and access in real-time.\n \nCustomer data solutions can help you turn your data into valuable insights that drive ROI. But to leverage them effectively, you need to understand where you are now. Let\u2019s dig into the finer points of data compliance so that you\u2019re more than ready for what lies ahead.\nWe\u2019ll start with the importance of data maturity and move into the language around data that impacts compliance.\nDetermining your customer data maturity\nData insights deepen over time, which is the concept of customer data maturity. When a company integrates data into its process, allowing it to inform customer-facing actions and longer-term planning within the organization, it can then identify opportunities through predictive analysis.\nAssessing your data\u2014collection, interpretation, and use\u2014helps to inform what changes to make to your data strategy.\u00a0\nStart with these questions:\nWhere are your customer data management efforts now?\nWhat data are you collecting?\nFor your customers, what is the experience you are delivering?\nDoes your path have a clear destination?\nAre there specific things or data you need to get there?\nCan you identify the actions required to achieve your goals?\nA journey of 1,000 miles: Measuring your customer data maturity milestones\nWhen you use a data framework, you can see where you line up against data maturity models. There are several different models you can reference, generally broken down into four or five tiers.\nFor our purposes, we\u2019ll be using a 5 level framework, which assumes that you\u2019ve collected at least some customer data. It also steers you to an end goal of a seamless, unified customer experience. Get started:\nLevel 1: Ability to identify and understand your customers\u2019 digital identities\nLevel 2: Ability to manage customers\u2019 data privacy and consent preferences\nLevel 3: All customer data \u2013 offline and online, front-end and back-end, structured and unstructured \u2013 is consolidated into unified customer profiles.\nLevel 4: Ability to differentiate through data-driven insights\nLevel 5: Achievement unlocked: Unified, omnichannel personalization\nThose are our guardrails. Most companies will fall somewhere in the middle.\nAssuming your goal is to progress to a higher level of maturity, different customer data solutions can help.\nAnother resource is understanding the language around data compliance, particularly in terms of rules. The more you\u2019re able to strengthen your view of the customer through identity resolution and share insight across your enterprise, the more your data management strategy will illuminate the tactics for data compliance that delivers enduring cx benefits.\nData compliance: Breaking down legal terms marketers must know\nDigital Identity: The entirety of personal data online that can be followed back to a person\u2014 from images and comments on social media to browsing and search history, to online banking and activities on gaming, streaming, or shopping sites.\nPersonally Identifiable Information (PII): Representative of any sensitive information connected to an individual that can identify or pinpoint their location.\nPersonally Protected Information (PPI): Social security number, home address, date of birth, home phone number.\nAnonymization: The process of removing or obscuring PPI or PII from data to create data sets that inform but do not reveal the identities of the people represented.\nPseudonymization: This data processing creates a separation between the data subject and the personal data. A person cannot be identified without additional data that is stored separately. GDPR speaks directly to this type of data management.\nConsent: An independently offered indication of a person\u2019s interest through a statement or affirmative action, qualifies as consent around personal data so long as there is an option to withdraw consent*.\nExplicit consent: According to the GDPR, this consent requires a written statement or a digital note, the key being that it must be able to be verified, something that would be difficult to do with an oral form of consent.\nUnambiguous consent: This involves knowingly checking a box or agreeing to technical terms.\nLegitimate interest: An unspoken agreement (though enforced by laws like GDPR) that allows a user to trust that companies will use the data they collect for things of use or importance to the individual. It depends on purpose, necessity, and balance: Is there a legitimate interest behind the processing? Is the processing necessary for that purpose? Is\u00a0the legitimate interest overridden by the individual\u2019s interests, rights, or freedoms?\nFirst-party data: Data collected by companies through their site.\nSecond-party data: Another organization\u2019s first party data then shared or sold to another entity for whom it is second-party data.\nThird-party data: An organization or data aggregator collects, packages, and sells data to other entities.\nWalled gardens: If data collection and storage were like the fable of the three little pigs, a walled garden would be the house built of bricks. It protects and contains everything within it, meaning the data in a walled garden isn\u2019t intended for sharing.\nDark patterns: Precisely what it sounds like, are tactics or practices intended to trick people on the internet into purchasing, committing to, or signing up for things without clearly understanding that they are doing it.\n*The privacy-first web is coming, and with it, an inability to be tricky or disingenuous with data. The best plan is to create a culture and framework built around the integrity of relationships we have with customers.\nHow to effectively use customer data along the customer journey\nOnce you\u2019ve identified your starting point, the next step on your quest to make the most of customer data and unlock its CX superpowers is to stock your toolbox. Which solutions you choose to invest in will depend on where you fall on that maturity model. As you create a data foundation, you\u2019ll be able to benefit from real-time data including a single customer view. Over time, you\u2019ll be able to track your progress and continue to build your data maturity as you integrate a customer data management plan.\n\u00a0\nLevel 1: Ability to identify and understand your customers\u2019 digital identities\nYou may need help reconciling your customers\u2019 digital identities. It isn\u2019t enough to collect data, you need to have a plan and a process, a recipe if you will, that turns all those data ingredients into something delicious.\u00a0Identity and access management solutions can help. Identity resolution unlocks the ability to personalize your customers\u2019 experiences by helping you get to know who they are.\nLevel 2: Ability to manage customers\u2019 data privacy and consent preferences\nOnce you are able to recognize your customers and begin personalizing their interactions with your brand, they may be willing to share more of their personal information. It\u2019s critical that you\u2019re able to manage their privacy preferences easily and securely. It\u2019s the first step to building a foundation of trust that drives lasting customer relationships. And breaking that trust will cost you dearly.\nIf your focus is simply on mastering Level 2, you can use a bespoke consent and preference management solution. Solutions like these help you clearly communicate what data you\u2019re collecting and capture consent from your customers. They also make it easier for customers to update and manage their privacy and consent preferences, a non-negotiable for consumers today. Ultimately, a customer data management plan is an insurance policy for compliance and customer satisfaction.\nLevel 3: All customer data \u2013 offline and online, front-end and back-end, structured and unstructured \u2013 is consolidated into unified customer profiles\nThe next step on the ladder is data unification. That means that all your customer data \u2013 from across multiple channels and disparate systems, are brought together into the data foundation of a single database, and used to create dynamic customer profiles.\nThis is a huge step towards unlocking deep personalization, which has long been a roadblock for many companies. Especially enterprises that manage multiple business units across various regions and departments.\nTo achieve this, you\u2019ll want to use a customer data platform (CDP).\n \nWhat is CDP? | Customer Data Platform, defined\n Businesses have lots of data - but what do they do with it? Discover how a CDP helps organizations reach customers, identify intent, and personalize messaging to exceed KPIs and bottom line projections. \nCDPs are designed to collect, clean, and organize your customer data from your key sources, and store it in a single place which then feeds back into those source systems. (That includes the identity and consent data mentioned earlier.) It\u2019s not a data lake or stagnant repository, though.\nWhen you unify your data, it becomes more actionable and insightful. Your customer profiles become richer \u2013 pulling in information from in-store transactions, online service requests, and everything in between.\nCustomer data management opens doors to opportunities like:\nPersonalized communications when product warranties are expiring, up-selling warranty extensions (combining customer purchase and product data which may otherwise be separate)\nTargeted birthday emails that include personalized offers based on past engagements (combining personal, online and offline data)\nThese types of experiences are becoming more and more expected from consumers. And a CDP helps simplify their execution.\nLevel 4: Ability to tap into rich customer insights\nThe penultimate rung on our ladder is about insights.\nThis is the heart of what it means to demystify customer data. It\u2019s turning large swaths of data points into valuable insights and information.\nOnce your data is centralized and unified in a single place (like a CDP), you want to start tapping into your analytics. Using AI and machine learning tools, you can uncover trends and patterns about your customers, products, campaigns, and more.\nA CDP can help here, too. By collecting data from across the entire customer journey into dynamic customer profiles (and updating those profiles automatically), you get deeper insights into each customer on an individual level.\nWe have the technology: Benefit from customer data with a CDP\nIf you\u2019re waiting for the right moment to embark on your customer data journey, this is it. No matter where you fall on the ladder, there\u2019s no time like the present to begin your evolution.\nA CDP is a useful tool in bringing your digital transformation vision to life. It makes sense of your customer data and uncovers deep, valuable insights. Businesses of every size and at every stage of maturity can benefit from that.\nWhether you\u2019re ready to go all-in and transform your entire customer data experience, or launch a pilot program with a single channel or territory. We all need to start somewhere. So why not start where you are?\nReal-time insights. Across all touchpoints. Yes. For real. See the demo HERE.","author":{"@type":"Person","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article_Person","image":{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article_Person_ImageObject","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/uploads\/2017\/08\/Emily_Kelly-150x150.jpg"},"name":"Emily Morrow","sameAs":["https:\/\/twitter.com\/emkmorrow","https:\/\/www.linkedin.com\/in\/emilykmorrow\/"],"url":"https:\/\/www.the-future-of-commerce.com\/contributor\/emily-kelly\/"},"dateModified":"2021-09-27T14:44:31+00:00","datePublished":"2021-08-25T05:01:25+00:00","description":"Data compliance encompasses the standards and regulations in place to ensure data is secure, protected from data theft, misuse, and loss.","headline":"Data compliance: An ultimate guide to consent, privacy, and best practices","image":{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article_ImageObject","height":"630","url":"https:\/\/www.the-future-of-commerce.com\/wp-content\/uploads\/2021\/07\/CDP-foundation-or-addition_1200x375-1200x630.jpg","width":"1200"},"mainEntityOfPage":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/","name":"Data compliance: An ultimate guide to consent, privacy, and best practices","publisher":{"@type":"Organization","@id":"https:\/\/www.the-future-of-commerce.com\/","additionalType":"https:\/\/www.wikidata.org\/wiki\/Q1193236","description":"Relevant, timely information & analysis on commerce trends, both consumer-facing and B2B.","logo":{"@type":"ImageObject","@id":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1","height":"96","url":"https:\/\/23x6xj3o92m9361dbu2ij362-wpengine.netdna-ssl.com\/wp-content\/themes\/hybris_foc\/assets\/images\/layout\/logo-new-2x.png?_=1","width":"500"},"name":"The Future of Customer Engagement and Experience","sameAs":["https:\/\/podcasts.apple.com\/us\/podcast\/a-call-for-a-better-experience\/id1479742201","https:\/\/twitter.com\/FutureOfCEC","https:\/\/www.linkedin.com\/groups\/4844282","https:\/\/www.the-future-of-commerce.com\/feed\/"],"url":"https:\/\/www.the-future-of-commerce.com\/"},"url":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article"},{"@type":["Article"],"@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article","@context":{"@vocab":"http:\/\/schema.org\/","kg":"http:\/\/g.co\/kg"},"url":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/","publisher":[{"@id":"https:\/\/www.the-future-of-commerce.com\/"}],"author":[{"@type":"Person","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article_author_Person","image":[{"@type":"ImageObject","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article_author_Person_image_ImageObject","url":"https:\/\/cdn-bijap.nitrocdn.com\/AuMaQmessFRMSicXmZsEecJFLEquAyoT\/assets\/static\/optimized\/rev-b3d386d\/wp-content\/uploads\/2017\/08\/Emily_Kelly-150x150.jpg"}],"sameAs":["https:\/\/twitter.com\/emkmorrow","https:\/\/www.linkedin.com\/in\/emilykmorrow\/\nhttps:\/\/twitter.com\/emkmorrow"],"url":"https:\/\/www.the-future-of-commerce.com\/contributor\/emily-kelly\/\nhttps:\/\/www.the-future-of-commerce.com\/contributor\/emily-kelly\/","name":"https:\/\/www.the-future-of-commerce.com\/contributor\/emily-kelly\/\nhttps:\/\/www.the-future-of-commerce.com\/contributor\/emily-kelly\/"}],"subjectOf":[{"@type":"FAQPage","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#Article_subjectOf_FAQPage","mainEntity":[{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity0","name":"What is data compliance?"},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity1","name":"So, how do you make sense of customer data?","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity1_acceptedAnswer_Answer","text":"Customer data solutions<\/a> can help you turn your data into valuable insights that drive ROI. But to leverage them effectively, you need to understand where you are now<\/em>. Let\u2019s dig into the finer points of data compliance so that you\u2019re more than ready for what lies ahead.We\u2019ll start with the importance of data maturity and move into the language around data that impacts compliance."}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity2","name":"Determining your customer data maturity","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity2_acceptedAnswer_Answer","text":"Data insights deepen over time, which is the concept of customer data maturity. When a company integrates data into its process, allowing it to inform customer-facing actions and longer-term planning within the organization, it can then identify opportunities through predictive analysis.Start with these questions:<\/strong>
  • Where<\/strong> are your customer data management efforts now?<\/li>
  • What<\/strong> data are you collecting?<\/li>
  • For<\/strong> your customers, what is the experience you are delivering?<\/li>
  • Does<\/strong> your path have a clear destination?<\/li>
  • Are<\/strong> there specific things or data you need to get there?<\/li>
  • Can<\/strong> you identify the actions required to achieve your goals?<\/li> "}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity3","name":"A journey of 1,000 miles: Measuring your customer data maturity milestones","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity3_acceptedAnswer_Answer","text":"When you use a data framework, you can see where you line up against data maturity models. There are several different models you can reference, generally broken down into four or five tiers.
  • Level 1:<\/strong> Ability to identify and understand your customers\u2019 digital identities<\/li>
  • Level 2:<\/strong> Ability to manage customers\u2019 data privacy and consent preferences<\/li>
  • Level 3:<\/strong> All customer data \u2013 offline and online, front-end and back-end, structured and unstructured \u2013 is consolidated into unified customer profiles.<\/li>
  • Level 4:<\/strong> Ability to differentiate through data-driven insights<\/li>
  • Level 5:<\/strong> Achievement unlocked: Unified, omnichannel personalization<\/li> Those are our guardrails. Most companies will fall somewhere in the middle.Assuming your goal is to progress to a higher level of maturity, different customer data solutions<\/a> can help.Another resource is understanding the language around data compliance, particularly in terms of rules. The more you\u2019re able to strengthen your view of the customer through identity resolution and share insight across your enterprise, the more your data management strategy will illuminate the tactics for data compliance<\/a> that delivers enduring cx benefits.\"Image<\/a>"}]},{"@type":"Question","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity4","name":"Data compliance: Breaking down legal terms marketers must know","acceptedAnswer":[{"@type":"Answer","@id":"https:\/\/www.the-future-of-commerce.com\/2021\/08\/25\/customer-data-compliance-and-consent\/#subjectOf_FAQPage_mainEntity4_acceptedAnswer_Answer","text":"
  • Digital Identity: <\/strong>The entirety of personal data online that can be followed back to a person\u2014 from images and comments on social media to browsing and search history, to online banking and activities on gaming, streaming, or shopping sites.<\/li>
  • Personally Identifiable Information<\/strong> (PII):<\/strong> Representative of any sensitive information connected to an individual that can identify or pinpoint their location.<\/li>
  • Personally Protected Information<\/strong> (PPI):<\/strong> Social security number, home address, date of birth, home phone number.<\/li>
  • Anonymization: <\/strong>The process of removing or obscuring PPI or PII from data to create data sets that inform but do not reveal the identities of the people represented<\/a>.<\/li>
  • Pseudonymization: <\/strong>This data processing creates a separation between the data subject and the personal data. A person cannot be identified without additional data that is stored separately. GDPR speaks directly to this type of data management.<\/a><\/li>
  • Consent: <\/strong>An independently offered indication of a person\u2019s interest through a statement or affirmative action, qualifies as consent around personal data so long as there is an option to withdraw consent*.<\/li>
  • Explicit consent: <\/strong>According to the GDPR, this consent requires a written statement or a digital note, the key being that it must be able to be verified, something that would be difficult to do with an oral form of consent.<\/li>
  • Unambiguous consent: <\/strong>This involves knowingly checking a box or agreeing to technical terms.<\/li>
  • Legitimate interest: <\/strong>An unspoken agreement (though enforced by laws like GDPR) that allows a user to trust that companies will use the data they collect for things of use or importance to the individual. It depends on purpose, necessity, and balance<\/a>: Is there a legitimate interest behind the processing? Is the processing necessary for that purpose? Is the legitimate interest overridden by the individual\u2019s interests, rights, or freedoms?<\/li>
  • First-party data: <\/strong>Data collected by companies through their site.<\/li>
  • Second-party data: <\/strong>Another organization\u2019s first party data then shared or sold to another entity for whom it is second-party data.<\/li>
  • Third-party data: <\/strong>An organization or data aggregator collects, packages, and sells data to other entities.<\/li>
  • Walled gardens: <\/strong>If data collection and storage were like the fable of the three little pigs, a walled garden would be the house built of bricks. It protects and contains everything within it, meaning the data in a walled garden isn\u2019t intended for sharing.<\/li>
  • Dark patterns: <\/strong>Precisely what it sounds like, are tactics or practices intended to trick people on the internet into purchasing, committing to, or signing up for things without clearly understanding that they are doing it.<\/li>