Esther Labrie is language specialist and content manager at Quadient. Joining the company in 2010, Esther specialized in upcoming themes in online marketing like digital communications, omni-channel and Big Data. Esther creates content that focuses on building a bridge between online marketing and customer centric selling. She enjoys music and literature and likes to spend time with friends and family.
In this blog, we will discuss what you should expect a GDPR software solution to handle when it comes to consumer’s rights. We believe that whatever solution you ultimately choose, it will need to be able to provide:
- Clarity as to where and what personal data exists by consolidating disparate, potentially redundant systems into a Single Customer View, with a Golden Record for every individual;
- Standardized, simplified and automated processes to support consumer data privacy rights and requests;
- Approval processes to ensure the right stakeholders are involved in the process to guarantee compliance and eliminate risk;
- Tracking and insight into consumer data requests which will be used for reporting to senior management and regulators;
- Compliant, omnichannel communication and interaction with your customers.
At Quadient, we believe that the combination of robust data management and customer communication management (CCM) will allow you to address the specific regulations that concern consumer’s rights such as the ones below.
1) Subject Access Request
The consumer is entitled to know what personal data has been stored. They can find this information by submitting what the GDPR calls a Subject Access Request (SAR). Upon receipt, you are obligated to tell them what data pertaining to them has been stored in your systems.
2) Limited retention period
Contact data can only be stored for a specified amount of time. For example, in your privacy statement you might state that you will store customer data as long as there is a relationship and once it has ended you'll keep the data for two more years. According to the GDPR, the moment the two years are over, you have to remove the data. A good solution ensures that the data is removed on schedule. With DataHub, you set a timestamp on the Golden Records and schedule automated processes that will check when a storage period has ended. The data is marked and removed automatically or by a data-steward or compliance officer who may need to check the records and approve them for removal.
3) The right to maintain contact data
Consumers also have the right to maintain their stored personal data. If the data is not correct, and you are notified, the GDPR says that you must be able to change it. If, for instance, you are addressing communications to Mr. J. Smith, and it turns out that the J stands for Julia, you must change the salutation if Julia Smith requests it. If you have not consolidated your data, you need to make the change in every system that contains information on this J. Smith. If you fix it in 99 out of 100 places you are not compliant.
4) Right to be forgotten
The consumer has the right to be forgotten, which is easier said than done. You not only have to remove the data, but you have to prove that it was done. How do you prove data was removed when it's not there anymore? When you have Golden Records, unique customers can be removed while their action log remains. When you remove a single source record, the data is gone, no system will be able to access it, but you are able to hand in the action log as proof of the removal —and you are GDPR-compliant.
5) Omnichannel approach
One interesting aspect of the GDPR is that you have to respond to an SAR in the same way that the customer contacted you. So, for instance, if a customer sends in the Subject Access Request by a physical letter, printed hard copy, you have to answer in print as well. But if the request comes in via email, you have to answer via email. This requires your organization to be multi- or omnichannel. This is another opportunity for you, because allowing your customer to communicate by the channel of their choice is a big part of providing an excellent customer experience.
Quadient has an end-to-end solution for GDPR that uses two of our market-leading solutions, DataHub and Inspire, to provide privacy and security controls, manage data, and allow you to communicate with consumers by whatever channel they choose. With Quadient, your company will be in compliance with GDPR and your customers will benefit from automated, secure communications for an enhanced customer experience.
To explore this topic further we invite you to download this free white paper: “GDPR: Where there’s risk, there’s reward”.