Gigya is now SAP Customer Data Cloud. Learn more
Forrester logo Download the report

How Centralized Account Profiles Help Sanoma Address the GDPR and Make the Impossible Possible

In a recent webinar, Sander Kieft, Manager of Core Services at Sanoma, joined me to discuss his company’s experiences addressing requirements of the European Union’s General Data Protection Regulation (GDPR). At one point during the interview, I asked him about the value of centralized customer profiles and his response was particularly insightful.

In this post, I will dig deeper into the question I asked, Sander’s illuminating response and the important takeaways for your business.

Sanoma’s GDPR Compliance Efforts

First, let’s set the stage.

Sanoma is a leading European multi-channel media company with operations in magazines, television, radio, online media, news media and learning solutions.

Sander said the company began initial discussions about finding a centralized preference and consent management solution three years ago. Upper management and legal personnel gave this effort their full support, Sander said, for many reasons, including:

  • The numerous customer data silos they had.
  • The desire to give customers more control over their own data and experiences.

“Essentially, all of our management bought in to this [idea of a] 360-degree customer view and making the customer central.”

The Big Challenge and How Solutions from Gigya Helped Solve It

According to Sander, Sonoma operates more than a hundred properties. Before coming to Gigya, now a part of SAP, each of them ran their own registration, login and customer profile systems.

Sanoma needed a way to manage customer preferences and consent effectively, especially in light of the upcoming GDPR enforcement deadline of May 25, 2018.

“We would have had to go door-to-door to all these individual titles… to ask them to change their terms and conditions or add another checkbox to the login flow.”

Instead, the company turned to Gigya. Our ability to centralize customer attributes from across an organization into a unified profile for each customer played a key role in Sanoma’s decision.

With SAP Hybris Profile, for example, companies can migrate their customers’ consent and preference data from third-party systems into a central, secure database at the heart of their technology stack. In addition, this updated, accurate and centralized profile can synchronize with those systems to enforce a customer’s consent and preference choices.

Orchestrate profile, preferences and consent to downstream applications

Through our solutions, Sanoma streamlined registration and login flows to capture explicit consent across every channel and leveraged our pre-built integrations so their properties could transfer privacy sensitive data into a centralized solution.

Now, Sander says they’re feeling confident ahead of GDPR enforcement.

“We did this for customer benefit. The GDPR [readiness] is kind of a bonus.”

Making the Impossible Possible

Toward the end of the interview, I asked how hard it would have been if Sanoma had tried to manage its GDPR compliance process manually for each of its properties.

I expected him to say, “much more difficult”, or “very tough”.

His answer: “Impossible. Updating the terms and conditions alone takes a couple of months [to do manually]. So doing something big, like GDPR, and making it user-friendly, it would’ve been impossible.”

This comment is especially insightful for two reasons.

First, it shows that Sander and Sanoma understand the broad implications of GDPR requirements. There are a host of new workflows to create in addition to collecting explicit consent for terms and conditions. For example, the GDPR requires companies to offer consumers a list of new data access rights in an easy, intuitive manner.

GDPR is about putting the customer in control of their data

How a company goes about offering these rights, and how they resolve the technical challenges they present, is just one way GDPR compliance becomes “something big”.

Secondly, the comment shows Sanoma has stayed true to its “customer first” approach. Lots of companies are trying to check all the boxes of GDPR compliance as a way to mitigate their risk of regulatory scrutiny. The ones who will separate from their competitors after GDPR enforcement starts, however, will be those that check all those same boxes in a way that strengthens the customer experience.

The Takeaway for Your Business

No two businesses are the same, yet Sander’s insights can be valuable for other companies as they prepare for the GDPR.

When it comes to implementing comprehensive preference and consent management, buy-in should come from every level of the organization and be driven from the top down. Legal teams should get involved early. And most importantly, the effort should focus on the customer experience aspect first and foremost.

“[A best practice is to] think about the customer perspective,” Sander said. “What would a customer want when [he or she] interacts with your service? How would they want their data handled?”

Looking ahead, Sander says customer control over data will grow even more.

“And that is what [GDPR] is intended to do; to give back control to the consumer. That’s where the future will go.”

There were many more highlights during my discussion with Sander. Click here to listen to the entire webinar.

To learn more about how our solutions can help your business, download our solution brief.

By Rashmi Vittal

Meet us at

Gartner IAM
Las Vegas

December 3-5, 2018

View Event >
Gartner Summits - Join us December 3-5, 2018 | Las Vegas, NV

Gigya has updated its Privacy Policy as Gigya, Inc. has been acquired by SAP America, Inc. and Gigya has updated the information regarding how we collect and use your Personal Data. You can see the updated Privacy Policy here.