GDPR and the Single Customer View

Transcription

1 1 White Paper GDPR and the Single Customer View How to prepare for GDPR and boost your omnichannel customer experience capabilities at the same time

2 Contents 1.0 Introduction All about GDPR All about Single Customer View The Four-Step Process to GDPR (and SCV) Readiness Data Discovery Cataloguing Creating the Single View Maintaining GDPR Compliance Transformation of Customer Experience 16 More Information 18

3 1.0 Introduction For many years sales, marketing, customer experience, and contact centre professionals have spoken about getting a single, comprehensive view of each of their customers. Now, with the EU General Data Protection Regulation (GDPR) coming into force, companies are being forced to find and catalogue all this data that they own on customers. The thinking goes that if all the information on a given customer is either stored in one place, or at least accessible from a central system, the company can make much more informed decisions. In its latest Digital Marketing Survey, Experian says that 89% of companies report having difficulties implementing a single customer view. The major stumbling blocks are: For many this will be a one-time exercise to pass an audit. But that s missing a huge opportunity. Instead companies should see GDPR as an opportunity to consolidate their data and put it to use to improve the whole customer experience from sales through to customer service. 54% 49% 48% Technology to integrate customer data in real time Inability to integrate multiple data sources and technologies Acces to data from across the organization To add to the difficulty, insightful but unstructured data such as the content of s and chat sessions, as well as metadata recording, for example, what a customer does on the company website, might be extremely difficult to find and identify, if they are stored deliberately at all. This short guide to GDPR and Single Customer View will show how to make the most of this opportunity to revisit your data and ensure it is put to better use to increase your knowledge of customers, supercharge customer satisfaction, and ultimately boost the bottom line.

4 2.0 All about GDPR GDPR is an EU-wide regulation that extends the UK s existing Data Protection Act and brings it up-to-date for the modern, digital world. It brings new rights for individuals relating to what personal or sensitive data companies store about them, and how that data can be used. There is an exhaustive list of requirements that organisations need to comply with: What data is considered personal? How should this be processed and managed? For how long should it be stored? What data security controls are in place? What rights do data subjects have to their own personal data, and how are those rights enforced? As of May 25th 2018, organisations that have not answered these questions, and do not put the necessary processes in place, could face fines of up to 20,000,000 or 4% of annual worldwide turnover. Getting ready for GDPR So that s the scary part. What it basically means is that every company needs to have processes to properly manage customer data and GDPR related requests from those customers. From a technology point of view that s fairly easy to do only if all your data is in one place and accessible through a single user interface. For most companies holding structured and unstructured data, plus automatically generated metadata, this personal and sensitive customer data is going to be spread all around their technology infrastructure. Prior to GDPR coming into force, companies need to discover all the personal and sensitive data held in the multiple systems they manage. Next, they should create a comprehensive private data inventory to help them understand where the data is, Data Load with Tagging Private Data Inventory Data Audit Report

5 2.0 All about GDPR 5 who owns it, what is the legal basis for processing it, and how long they can retain it. Data discovery tools relying on advanced search algorithms can perform this task and bring all the data together in one place. It can then be managed from one of your existing systems, or in a separate system for handling GDPR compliance. And this is precisely the first step that for most companies has long been a roadblock to creating a single view of their customer data to help with marketing, sales, and customer experience efforts.

6 3.0 All about Single Customer View Imagine if, when you talked to a friend on the phone, you forgot everything else you knew about them from your interactions over social media, by , or when you met face-to-face. Instead, all you could remember were your past phone calls with this person. Fortunately, our brains don t work that way, but for companies with siloed data and systems that s precisely the position they are in when they deal with their customers. In fact, they aren t really dealing with individual customers at all; they are actually managing a series of unrelated interactions and transactions that take place over different channels. Personalise upsell, cross-sell, and renewals offers to meet a customer s exact needs and circumstances; Understand the commonalities of our best customers so that we could find more like them; Identify customer segments, lifecycle stages, and purchasing patterns to inform everything from product development to marketing to pricing and payment options. If only we could see at a glance the complete trail of phone interactions, website visits, s, purchases, social media comments, etc. left by every customer and prospect we could: Seamlessly manage interactions that cross multiple channels without asking the customer to update us or repeat information; Route customer enquiries to exactly the right team or person without delay; Proactively engage the customer to head off service issues before they become a problem;

7 3.0 All about Single Customer View 7 How to create a single customer view A single customer view essentially links an individual customer to the purchases they have made from the company, and every interaction they have had with it including metadata like browsing sessions on the company s website across all channels. While this data does not necessarily need to be stored in a single central repository, it does all need to be linked together and indexed using some sort of unique identifier tag for each customer. In this way all the data related to a specific individual can be collated and brought into a single view that can be accessed by sales, marketing, customer service, and other staff that engage with customers, as well as any automated systems that do the same. This is difficult because all that customer data resides in different systems and databases, in different formats, and some of it such as metadata in XML files on web servers is hard to get to and even identify. But this is precisely what companies are now having to do for GDPR compliance. Website metadata Personal identifying information Payment history and alerts Demographic and geographic data Marketing campaign responses Product purchases SINGLE CUSTOMER VIEW Third-party profiling data Customer s network Customer service interactions Proactive communications Social media comments Other channel interactions

8 4.0 The Four-Step Process to GDPR (and SCV) Readiness In this section we re going to take an in-depth look at the process of preparing your data for GDPR and how we can create that single customer view at the same time. From our experience, getting GDPR ready means answering four tricky questions: 1. Where do I keep personal and sensitive data across my vast IT infrastructure? 2. How can I catalogue personal and sensitive data across multiple structured, semi-structured and unstructured data sources? 3. How can I create a single view of information to easily identify all data belonging to any particular data subject? 4. How do I maintain readiness post May 25th and will my systems cope with the new rights of data subjects? If these challenges remain unsolved then GDPR compliance will be complicated by manual data location and the repetition of effort as staff have to perform searches and collate data from multiple source systems for every GDPR request received. GDPR Data Discovery and Management brings an extra level of automation and sophistication to your GDPR strategy. Instead of performing a one-off audit to put a tick in the GDPR box, use GDPR Data Discovery and Management to ensure your organisation attains and maintains compliance far after the GDPR deadline. Centralise compliance efforts with one information platform Use the single view for data audits and satisfying data subject rights Streamline GDPR processes including data discovery, minimisation and retention Maintain ongoing compliance post May 25th with an automated system

9 4.0 The Four-Step Process to GDPR (and SCV) Readiness 9 Four solutions: We suggest a four-step process to preparing for GDPR, which will also get your organization a lot of the way towards implementing the long-sought-after Single Customer View. The idea is that once the discovery, cataloguing, and auditing processes have been completed, the inventory continues to refresh and stay up-to-date. This provides a central living information management platform that helps maintain ongoing compliance and provides additional value to help users respond to data subject rights and manage data breaches in an efficient and automated manner. 1 Discover personal and sensitive data across all of your structured, semi-structured and unstructured data using advanced search algorithms. 2 Create a tagged and indexed comprehensive private data inventory to help you understand: a. Where your data is b. What it looks like c. Who owns it d. What the legal basis for processing it is 4 Automate the administrative process for maintaining ongoing compliance, including: a. Alerting key staff when data e. How long you can retain it for f. Where there is duplicate information g. And more... retention periods are up b. Flagging non-compliant information as it is entered into the system c. Automating adherence to data subject rights d. Maintaining a good data 3 Build a single view of your data estate and use it to find all information associated with any individual. practice

10 4.0 The Four-Step Process to GDPR (and SCV) Readiness 10 The Data Discovery and Management Process Data can quickly and easily be loaded from structured, semi-structured and unstructured data sources simultaneously. Data is tagged on load with GDPR-relevant metadata tags including data subject (that s customer or prospect that the data is about), data owner, data location and retention period. Once loaded a central data inventory of all organisational data is created. From here users can conduct a data audit, organise the data inventory, identify highrisk data sources and quickly identify what actions are needed to attain compliance. The data inventory can be maintained post May 25th and used to satisfy data subject rights, manage data breaches and maintain ongoing GDPR compliance organisation-wide.

11 4.0 The Four-Step Process to GDPR (and SCV) Readiness Data Discovery The first step is to find out exactly what personal and sensitive data is held and where that data can be found. Using deep-dive data mining the location, type, and volume of all personal and sensitive data can be discovered. This search should encompass anywhere that customer information might reside, from your operational systems to customer testimonials to marketing mailing lists to inboxes to customer complaints and everything in between. This information is found in structured databases, semi-structured XML files, unstructured file systems on individual workstations, cloud-based file systems you name it, you need to check if there is personal or sensitive data in those systems. Indeed, 80% of all organisational data is unstructured if you believe the statistics! Finding out where information is held can be easy in some systems. On the other hand you could be trying to find out how many John Smiths you have across multiple databases and a few thousand workstations, and then establish how many of these John Smiths are unique individuals, and which records relate to exactly which John Smith. Data discovery software can take all this information and search against it simultaneously, instantly finding and collating everything from siloed data sources. Personal and Sensitive Data Discovery Use smart rules to automatically identify what types of data are held where, including personal and sensitive data.

12 4.0 The Four-Step Process to GDPR (and SCV) Readiness Cataloguing While finding all the personal and sensitive information a company owns certainly looks like the biggest challenge at the moment, cataloguing all that data after it has been found can be just as hard. A clear information tagging strategy is needed to get a clear picture of all the information a company owns and to understand to which data subject each item belongs. Without some sort of automatic metadata tagging process it is going to take a lot of effort to understand for example where you keep IP addresses, who owns the IP address, what you re using them for, and what the legal basis for processing them is. Modern data discovery software includes comprehensive metadata cataloguing to help identify what data is held where, why, by whom, and for what reason. Smart business rules and regular expressions can extract structure from unstructured and semi-structured data sources, to help automatically build a big picture of personal and sensitive metadata. So instead of just finding out whose data is held where, you can now find out what types of data are held where. GDPR Metadata Tagging Tag data as it is loaded into the system with GDPR related metadata tags, including data owner, data location and data processes.

13 4.0 The Four-Step Process to GDPR (and SCV) Readiness Creating the Single View Aside from bringing all the data together, the other great challenge of single customer view has always been what technology to use to store and access that data and keep it up to date. Assuming you are not moving all your data into a single central repository which is even harder and likely impossible to do in many cases what we are talking about is creating an indexed copy of all your data. This clipboard of the data we discovered in step 1 and then catalogued in step 2 is your single customer view. By storing all the files in a unified index format the challenges posed by joining different data from different file types and different data sources is easily overcome. In addition to finding how much John Smith data you have, you should now have a full visual history of each John Smith s interactions with the company. What you now have is a portal for accessing all your data about any individual customer. This central repository should be kept up to date by regularly running the discovery and cataloguing processes on newly acquired data. As we will see in step 4, this portal is the key to ongoing GDPR compliance. It can also form the basis of the single customer view that your sales, marketing, and other customer engagement staff have so longed for. Living Data Inventory Phase 3 involves creating a portal to help automate the process of responding to data subjects requests. Use indexing to create a central version of all organisational data structured, semi-structured and unstructured.

14 4.0 The Four-Step Process to GDPR (and SCV) Readiness Maintaining GDPR Compliance Ongoing GDPR compliance is achieved by following the new standards for storing and using customers personal and sensitive data, and by responding in a timely manner to requests from data subjects. In order to do this, you need to know what data you hold (step 1), understand what type of data it is (step 2), and to whom it belongs (step 3). Finally you need to have processes in place for managing that data (step 4). This is where the single view of all your data that you have now created comes into its own. GDPR establishes lots of rights for individuals the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and rights in relation to automated decision making and profiling. The significant part of establishing readiness prior to May 25th is ensuring that after go-live each of these rights has a clearly defined business process from request to response. To respond to these requests from data subjects, your staff can now trawl through the data without having to log into multiple systems and search through multiple databases, each of which likely uses a different search method or method of cataloguing. It also provides a powerful resource for maintaining information security and establishing what data is being processed, whose data it is, why it is being processed and by whom. Automate Data Retention Flag up data that is out of date and alert individuals when data needs to be deleted, obfuscated or archived.

15 4.0 The Four-Step Process to GDPR (and SCV) Readiness 15 Ongoing Data Audit Generate a list of recommended actions to take on your data to become GDPR compliant, and visualise the process with the GDPR Health Check Dashboard. Organisation Compliance Checklist Walk through the GDPR legislation with the compliance checklist, creating a central resource library for policies, processes and procedures.

16 5.0 Transformation of Customer Experience So here we are. You have found and catalogued all your personal and sensitive customer data, built a central repository or index for it, as well as systems and processes for accessing it and complying with GDPR requests. What else can your organisation do with this vast treasure trove? The most effective way of marketing and selling to customers, and then serving and delighting them on an ongoing basis, is to treat each customer as an individual. We doubt anyone would argue against that. a full understanding of a customer s wants, needs, and behavior. You cannot effectively meet with a customer at multiple touchpoints ( , phone, web, chat) if your organisation doesn t know it s the same customer each time. And you cannot proactively service them and anticipate their problems before they happen if you cannot see everything that s going on. Having now done the data discovery, cataloguing, and creating of a central index for GDPR readiness, you are in the enviable position of being able to achieve this goal. Companies without a single customer view which is to say most companies today are unable to do that. To them a customer is the records tied to this particular address; the transactions from that phone number; the meta data from this IP address; these comments from this Facebook account; and these orders from this credit card going to this address. They have no way of joining all those records up to get a full picture of the individual with whom they are dealing. Many of the greatest customer experience and marketing challenges we face today are all to do with our inability to gain a single view of our data: You cannot personalise products and offers without

17 5.0 Transformation of Customer Experience 17 A good start Of course, single customer view is about more than having access to all customer data in one place. It has to be kept up to date, be accessible by sales, marketing and customer service staff, and whatever system you keep it on has to be integrated into customer interaction workflows across your different engagement channels. On a simple level, when a customer calls in to the contact centre the agent should know that the customer has already ed about the same issue. Taking it a step further, if the agent has access to the company website s meta data, they might also see that the customer has tried several times to look the same issue up in the self-service system. To facilitate that, it s important as well to have a single user interface for agents to access all this information. Intelligent workflow can even follow an interaction and present data on the agent s screen at the appropriate time. The result is faster, more accurate interactions that can easily take place over any channel and draw on any data source, system or process that is required for the agent to get the job done. In our experience companies deploying centralised solutions that eliminate siloes see on average a 20% boost in productivity as well as improvements in customer satisfaction and loyalty rates. But that s for another day.

18 More Information Infinity s analytics suite includes a Data Discovery and Management module that has been specifically designed to help companies become GDPR compliant and stay that way. Delivered on its own, as part of the analytics suite, or alongside the full Infinity Platform, DDAM can be installed and configured quickly to help you get ready for the GDPR deadline of 25th May While indexing your customer data with DDAM can help you create a Single Customer View, Infinity s Desktop and Workflow solutions provide your agents and other staff with the tools to access that intelligence from a single user interface so that it can be used to improve customer interactions. To find out more about GDPR, Single Customer View, and how Infinity can help you make the most of this opportunity, please get in touch.

19 UK Office Infinity Contact Centre Software Ltd Landmark, 3 Brindley Place Birmingham B1 2JB Phone +44 (0) US Office Infinity CCS Inc Park East Dr., Suite 250 Cleveland, OH info@infinityccs.com