We’re down to dotting of the i’s and crossing the t's for GDPR (General Data Protection Regulation).
DMA (Data and Management Association), HubSpot, Forbes and Tenable.com (“The Cyber Security Company”, to name just a few organizations and online journals), have created very helpful, “last minute” GDPR checklists.
Not surprisingly, there’s huge emphasis on cyber security checkpoints, tips on training - and pointed reminders - such as GDPR compliance must be extended to employees, as well as customers.
It’s troubling to see these checklists, however, not taking into consideration GDPR’s intrinsic data quality requirements. Indeed, it’s amazing, when you consider there are still F500 companies (to focus on GRPR’s May 25th launch-date in the U.S.), who can’t identify or track customer data across numerous systems and databases, much less calculate the real number of redundant versions, ostensibly of the same customer record.
While the subject may now seem like yesterday’s news and unexciting information, GDPR has given us, indeed, one more reason to strive toward a single-view of the customer master record.
GDPR compliance promotes very concise ways of opting-in. Regarding legacy customer data, Mailjet.com advises “explicit permission (or consent), will have to be obtained before sending email marketing campaigns to your legacy contacts unless you have record of their consent to receive such communication from you”.
But, what happens when your customer legacy data - across systems - looks something like this:
How does this kind of redundancy impact the GDPR opt-in process?
- How many times will Ron Smith be required, or allowed to opt-in?
- For which version (as listed above), would Ron Smith grant his consent?
- Which “Ron Smith” will be tied to “the subject’s fundamental rights and freedom”?
Maintaining a “gold” and single-version of a customer record is a standard Master Data Management (MDM) use case. (Of course, we should constrain and compel customers to responsibly provide accurate data entry. But that doesn’t stop the master data records themselves from becoming outdated through normal life events and career changes).
Of course – and In fairness - there are data quality evangelists insisting a successful GDPR program must be supported by good and consistent data quality.
Consider the opening line for “Mitigating Data Quality Impact on GDPR Compliance”:
“Data Quality and Data Integrity are not “nice-to-have’s” and risk cannot be transferred to another party or mitigated by legal contracts”.
Meaning, despite all the right steps companies are taking regarding GDPR compliance (including system and training compliance), they own getting the data quality piece right, as well.
As rightly, they should.
For more information on Software AG’s Master Data Management solution, please click here.