Companies around the globe are scrambling to prepare for the European Union’s General Data Protection Regulation (GDPR), which is set to begin enforcement on May 25. So why is Blaine Carter, Chief Information Security Officer at FranklinCovey, so calm, cool and collected? As I discovered during a recent webinar that I was honored to host, FranklinCovey’s holistic approach to GDPR compliance has the company feeling prepared ahead of the dawning of a new data protection era.
What do I mean by a “holistic approach”? Well, it’s easy to pigeon-hole GDPR compliance as a problem for marketing and IT departments to solve. Blaine admitted FranklinCovey had made that mistake when it first tried to address the issue. Unfortunately, this narrow strategy quickly runs into dead ends.
As FranklinCovey experienced firsthand, and as we’ve seen with many of our clients, GDPR compliance efforts truly gain traction when every part of the organization gets involved.
Let’s look at three examples of where this holistic approach helped FranklinCovey advance its data protection and consumer privacy efforts.
Blaine said his company’s executives first viewed GDPR compliance as a “tough nut to crack”. After exploring the needed technological and procedural changes, however, they realized it would be a worthwhile endeavor for both the company and its customers.
“[In the past], it was a bit of a one-sided conversation: ‘How can we use your data?’… [Now], there’s a whole new world around that conversation. It needs to happen on a 1:1 basis… and the company culture has to be aligned to make the conversation happen.”
For major enterprises like FranklinCovey, company-wide alignment is another tough challenge. Luckily, their executive team led the way.
“The approach that finally worked for us was a top-down approach… To get buy-in from those key stakeholders across all avenues of the business and go from the top all the way down to individualized roles.”
Through this top-down, holistic analysis, FranklinCovey was able to craft and operationalize a company-wide compliance strategy.
Managing Global Markets
A key tenet of the GDPR is obtaining explicit consent from consumers for marketing activities and communications, and managing that consent throughout their relationship with the business. This requirement can get complex in a hurry, especially if the company operates in markets around the globe.
I pointed out that, “each of those markets are running their own instances of a website or commerce solution. A user can easily have multiple consent agreements based on the branded sites and the regions they’ve visited.”
Blaine agreed and cited FranklinCovey’s expansion into China as an example.
“Going into China, there were a lot of things we took for granted that we could do. But when we started investigating, they were not true. The hard thing is to not jump in with both feet right away. Instead, you have to do your homework… Every country has a different type of culture… when it comes to privacy or compliance.”
To address this issue, I highlighted the benefits of centrally managed customer data. Instead of letting data exist in silos, you can collect it all into a unified profile view for each customer.
“A single view of the customer record can be used to govern account status, consent and preferences across your different CRMs, as well as across the different [technology] solutions you have and the brands and markets you operate in.”
By taking this holistic approach to managing customer profiles, global enterprises can be better prepared to handle the complexities of collecting and managing consumer preferences and consent that arise as they expand into new markets.
New Data Access Rights for Consumers
The power of the profile is skyrocketing. Why? In this era of heightened consumer privacy concerns, the most-cited reason customers leave brands is that they have discovered the brand used their data without their knowledge.
An effective counter to this problem is to provide an intuitive account profile that offers a transparent “handshake” to the customer about what data is being collected and used. It can also afford the customer control over their profile information, communication preferences and consent settings.
Blaine agreed, saying:
“The awareness of the public [about their profile information] is at the highest point it’s ever been. And if the profile is unable to meet the needs of the customer… they’re going to look somewhere else… because they’re not getting one of the key things they want.”
Thanks to GDPR requirements, account profiles are poised to become even more significant. Companies are required to provide consumers with a host of data access rights in an easy, intuitive way. Our customer data management solution, for instance, provides this access via a self-service preference center that is associated with account profiles.
Yet, the interface is just one aspect of the solution. As Blaine said, ensuring all departments are in sync is another key point.
“All departments [should] review their processes to make sure nothing sneaks by. Everything from order processing to account deletion can lead to a lot of issues if all departments aren’t taken into consideration.”
Building off Blaine’s example of account deletion, I emphasized the need for effective consent enforcement. If a customer deletes an account, a business needs to be able to enforce that request in all its downstream applications and services.
Despite FranklinCovey’s due diligence, Blaine said the new era of GDPR enforcement will still be a major time of transition and uncertainty for his business and many others. Put simply: companies still don’t know exactly what will happen.
However, we both agreed that his company’s holistic preparation approach has resulted in many benefits. It’s also positioned his company to build more trusted customer relationships based on transparent data use, two essentials for success and compliance in a world of GDPR enforcement.
If you’d like to hear how another major company is preparing for the GDPR, sign up for my next webinar. I’ll dive deep into the topic with Sander Kieft, Manager of Core Services at Sanoma, a leading media and learning company based in Helsinki, Finland, with operations in more than ten European countries.
By Rashmi Vittal