Modern User Profile Management and GDPR
What does your business think about its customers’ privacy? Since the dawn of the internet, the answer to this question has varied from company to company. Some organizations have gone to great lengths to protect personal information, while others literally exist to aggregate and sell it to the highest bidder. All of this will change starting in May of this year.
Citizens of the European Union have sought a more transparent, responsible, and trustworthy attitude towards consumers from its businesses. This has ultimately led to the creation of Regulation 2016/679, the General Data Protection Regulation “GDPR”, which for practical purposes goes into effect on May 25 of this year.
The regulation clearly outlines what amounts to a new paradigm for the gathering, care for, and use of personal information for businesses. Details of the regulation’s requirements and how to comply with them have been extensively addressed in countless blogs and papers. The impact of GDPR, however, is far more important than mere compliance. GDPR represents nothing short of an inversion of perspectives toward, and indeed, control of personal data. Compliant companies must treat personal data as the property of their consumer, and regard it as a valuable asset borrowed from the individual. It must be protected, this protection must be demonstrated, and it may be used only for the purposes allowed by the individual, and it needs to be returned upon request.
For businesses that already have positive and constructive relationships with their customers, moving into compliance can be a manageable undertaking. But for businesses looking to expand their reach, and to entice consumers to engage with them, GDPR presents significant hurdles to current popular marketing techniques.
Prior to GDPR, enough basic information for a company to inform a user “I already know what interests you” has been easy to gather through basic web server logs and through the use of tracking cookies if the right tools were in place. Now, businesses need permission for even this, eliminating one of the most popular methods of initiating engagement with consumers.
Companies need to ensure consent is obtained prior to storing or using personal information. This translates to nothing short of having to entirely redevelop customer journeys. Organizations must establish trust very early to gather even the most basic information so that they can start to engage with their consumers as individuals. Once this basic consent exists, the interaction can start to grow organically, exchanging richer experiences with a deeper knowledge of the consenting customer. The process is analogous to meeting a stranger at a cocktail party. The first step of moving from anonymous faces in the crowd to individuals engaged in small talk requires a good first impression and a bit of a leap of faith that the first interaction will not be painful. But once the conversation starts, deepening the relationship becomes natural and easy if both parties wish to continue to get to know one another.
The systems that businesses will use to gather personal information and consent have to guarantee that the consented usage and data gathered can be discreetly stored, and then offered for deletion, should the consumer revoke consent. For many established companies, this will lead to a very big impact on existing personalization infrastructure. User management systems at least will require significant updates, and depending on the personalization engine used, work may be required to allow the system to operate with partial profiles and less information. New businesses must select their profile management systems carefully to ensure that they treat customer data appropriately.
The shift may seem dramatic, but in the context of better relationships between businesses and their customers, GDPR is common sense. Years from now we will look back with bewilderment at the early days of the internet as the Wild West when reckless hoarding of personal data was the norm. It's time to adopt this new approach to managing user profiles and to show customers that their data is safe.