
Practical Advice on Integrating GDPR Compliance into the Customer Experience

Just recently, I moderated a web conference hosted by the International Association of Privacy Professionals (IAPP) on how to use the European Union’s General Data Protection Regulation (GDPR) as a market-differentiating opportunity. Here’s one of the key takeaways from the discussion:

Integrating GDPR compliance efforts into the customer experience will be a determining factor in your company’s future success.

That’s easy to write in a blog post, but much more difficult for a complex business in today’s digital economy to accomplish. Luckily, Rudo Gischler, Senior Manager of Data Information and Security for EY Financial Advisory, and John Howie, Chief Privacy Officer, Consumer BG for Huawei, joined me on the panel to offer real-world, practical advice on this front.

Let’s dive into the highlights.

Consumers Will Want Your GDPR Compliance Information

No one likes spam. No one likes to be tracked across the internet by irrelevant ads. In fact, consumers are increasingly demanding to:

  • Know how companies collect and use their personal data
  • Gain control of their personal profile, consent and preference settings

A main goal of the GDPR is to answer these consumer demands, and according to John Howie, the companies that can show successful compliance will benefit.

“As [EU member] data authorities start to promote GDPR to their citizens, as is called for by the European Commission in their recent instructions to the member states, consumers are going to become more familiar with these principles and obligations… including the concepts of accountability and compliance. That’s going to cause a fundamental shift in how our consumers view providers of service online.”

One way to promote GDPR compliance, John said, will be through certification programs. These programs aren’t fully defined yet. John expects them to be finalized by EU regulators “very quickly.” Successful GDPR compliance certification will earn companies a badge or mark they can display on their websites, which can help elevate their consumers’ trust.

A Shift to Operational Challenges

After a long buildup, we are now in the home stretch before GDPR enforcement begins on May 25, 2018. In 2016 and 2017, companies mainly focused on the legal and procedural challenges of the regulation. Now, in these last months before the deadline, companies are moving past internal preparations to focus on external, operational elements.

For instance, a combined EY and IAPP survey found that topics such as “restrictions on profiling” and “understanding the regulatory oversight” were the most challenging GDPR obligations for companies in 2016. At the end of 2017, the focus had shifted to more operational challenges such as “data portability,” the “right to be forgotten” and “gathering explicit consent.”

“I see a transition this last year from the legal side of things – the foundation if you will – toward the more practical things like data subject access requests,” Rudo said. “Companies are working hard to be compliant from a practical standpoint… in order to minimize scrutiny from either their clients or their supervising authorities.”

Packaged Software Can Help

In the question-and-answer portion of the conference, an attendee asked, “What are you seeing companies do to meet the data subject rights access requests?”

Rudo answered, “Most service organizations have a portal in place that they use for client interactions. They are rebuilding these portals towards having one interface for their data subject rights access.”

During the presentation, I provided an example of the portal Rudo discussed. Through SAP Hybris Consent, companies can offer their consumers a Self-Service Preference Center as part of their account profile.

Example of a preference center: give your customers control while addressing compliance with GDPR

Through this responsive interface, consumers gain control of their personal data and companies can address the new consumer rights required by the GDPR. It’s a solution for both customer expectations and regulatory compliance.

To Get the Full Story

Integrating GDPR compliance into the customer experience was just one of many valuable topics we discussed during the conference. Click HERE to access the discussion in its entirety.

Also, keep an eye out for a future blog post that answers the questions we couldn’t get to during this information-packed hour!

By Jason Rose
