VEMT launches GDPR Module

In collaboration with our fantastic UK partner ‘The Marketing Innovation Group’, we have launched a GDPR Module for the VEMT Loyalty Marketing Cloud to address (potential) challenges that many of your clients have in dealing with this new European legislation.

GDPR key requirements

Single customer view

The issue for most businesses is the inability to identify and consolidate the many sources of data that exist within a business.  This consolidation or single customer view requires not only skills to know what data exists and where but also how to access and integrate data when data usually resides in different systems that are not compatible or in disparate locations that may belong to separate organisations providing outsourced services.  As you might imagine, this is normal for the VEMT Loyalty Marketing Cloud as a loyalty based system requires that data feeds come from numerous sources and channels that may include data capture in store, on-line, mobile and integrate with and capture campaign information from email, sms, till or web based transaction systems as well as probably providing real time access to and data capture from call centres and customer service teams that may be in different parts of the world.

GDPR requires that an organisation has access to and control of all of the potential sources of data captured on an individual both to ensure that the data is securely and correctly processed and also reported on by individual if necessary.

Data Capture, Privacy Policies and Consent to Receive Marketing Communications

The rules for managing data that is captured through the various systems in an organisation are increasingly complex and as yet not fully established and they are not expected to be confirmed until the latter part of 2017.  The very essence of the Loyalty marketing cloud is the building of an accurate and secure customer or member database comprising of many individual elements of data that together compile a unique individual record that can itself be inspected and audited over time.  Each addition, change, update or transaction enters the system with a source and time stamp that remains constant throughout the life of that individual’s record.  This forensic storage of data enables future analysis to for example identify which Privacy policy somebody signed up to if they have changed over time or when exactly a person opted-in to marketing communications or opted-out via an unsubscribe of an email.  This historical data provides the organisation with the ability to manage, suppress or exclude records according to their legal position at any moment in time.

KPI reporting

The transition from data aware to data centric that are the ideals and intentions of the new rules within GDPR requires that data can be more easily reviewed and reported on. Given the new responsibilities and potential fines of €20m or 4% of global turnover that may be faced as a result of compliance failure, board directors and senior managers need to know the volume and quality of data held in an organisation.  The loyalty marketing cloud is designed to aid proactive and explicit analysis and action and the ‘data dashboard’ is configured to show an exact status on any field of data. For example the dashboard may show that within the system there are 525,647 email addresses but that formal consent to market is held on only 235,876 whilst 52,453 are unsubscribed. The remaining 237,318 i.e. more emails than comprises the current marketing database are held but unusable.  Options can then be considered to resurrect suitable consents or for example automated communications established to encourage those ‘estranged’ data subjects to be recovered when they next engage with the organisation.

The reporting function can be easily configured and established to automatically provide reports to update decision makers ad hoc or at given periods.

Automated Data Updates

The very nature of the VEMT Loyalty Marketing Cloud means that the overall system and database is constantly being updated via its links to peripheral systems, data sources or on-going activity.  Rather than having to periodically and systematically gather data together to report on it, the cloud based system will automatically update and add new data and if necessary delete data once it has gone beyond its usage dates or relevance for which it was collected.

GDPR requires that Data Controllers review the relevance of the data they capture establish timings or durations for holding that data to still meet the criteria of relevance.

Data Dashboard and Data Subject Interface

A key requirement of GDPR is the changing rule over disclosure of what data is held on a data subject.  The new regulation is likely to require that a ‘Subject Access Request’  is not chargeable unless repeated and is required to be delivered faster than before and in a “commonly used digital format”.  The ideal solution for this is to provide a data dashboard that can provide the ‘Data Subject’ ( customer or member) with encrypted access to view what data is held about them and provide the ability for that person to update preferences and or select to have data removed from the system.  The loyalty marketing cloud not only provides this facility as  standard so that within a loyalty system the customer can check their points balances and transaction audit history but it can also be configured to establish level of security so that employees such as customer service personnel can access some level of data and not others.  The hierarchy for this access can be established so that only senior and authorised personnel can access or make changes and those times of access and or changes are then recorded also within the data history  for future reference.

GDPR requires many new constraints on organisations to fairly and legally process and use data but being already ‘data-centric’ and based in Holland, we are perhaps more aware and potentially ready to move businesses and organisations to secure and compliant data centricity.  Our systems are designed to provide the key values needed for GDPR and to make the process simple and effective in time for the changes:

• Inspection
• Validation
• Justification
• Rectification
• Dissemination

Prepared by Rob Bielby, July 2017