Like an imminent hanging, the looming execution of the European Union’s General Data Protection Regulation (GDPR) has concentrated business leaders’ minds on their customer data. This has been a boon for Customer Data Platform vendors, who have been able to offer their systems as solutions to many GDPR requirements. But it raises some issues as well.
First the good news: CDPs are genuinely well suited to help with GDPR. They’re built to solve two of GDPR’s toughest technical challenges: connecting all internal sources of customer data and linking all data related to the same person. In particular, CDPs focus on first party (i.e., company-owned) personally identifiable information and use deterministic matching to ensure accurate linkages. Those are exactly what GDPR needs. Some CDP vendors have added GDPR-specific features such as consent gathering, usage tracking, and data review portals. But those are relatively easy once you’ve assembled and linked the underlying data.
GDPR is also good for CDPs in broader ways. Most obviously, it raises companies’ awareness of customer data management, which is the core CDP use case. It will also raise consumers’ awareness of their data and their rights, which should lead to better quality customer information as consumers feel more confident that data they provide will be handled properly. (See this Accenture report that 75% of consumers are willing to share personal data if they can control how it’s used, or this PegaSystems survey in which 45% of EU consumers said they would erase their data from a company that sold or shared it with outsiders.) Conversely, GDPR-induced constraints on acquiring external data should make a company’s own data that much more valuable.
Collection requirements for GDPR should also make it easier for companies to tailor the degree of personalization to individual preferences. This Adobe study found that 28% of consumers are not comfortable sharing any information with brands and 26% say that too-creepy personalization is their biggest annoyance with brand content. These results suggest there’s a segment of privacy-focused consumers who would value a privacy-centric marketing approach. (That this approach would itself require sophisticated personalization technology is an irony we marketers can quietly keep to ourselves.)
So, what’s not to like? The downside to GDPR is that greater corporate interest in customer data means that marketers will not be left to manage it on their own. Marketing departments have been the primary buyers of Customer Data Platforms because corporate IT often lacks the interest and skills needed to meet marketing needs. GDPR and digital transformation don’t give IT new resources but they do mean it will be more involved. Indeed, this report from data governance vendor Erwin found that responsibility for meeting data regulations is held by IT alone at 36% of companies and is shared between IT and all business units (not just marketing) at another 55%. I’ve personally heard many recent stories about corporate IT buying CDPs.
Selling to IT departments isn’t a problem for CDP vendors. Their existing technology should work with little change. At most, they’ll need to retool their sales and marketing. But marketers may suffer more. Corporate IT will have its own priorities and marketing won’t be at the top of the list. For example, this report from master data management vendor Semarchy found that customer experience, service and loyalty applications take priority over sales and marketing applications. More broadly, studies like this one from ComputerWorld consistently show that IT departments prioritize productivity, security and compliance over customer experience and analytics. Putting IT and legal departments in charge of customer data is likely to mean a more conservative approach to how it’s used than marketers would apply on their own. This may prevent some problems but it’s also likely to make marketers’ jobs harder.
A greater IT role may also reverse the current trend of adding analytical and marketing applications to CDP data management functions. Marketers generally like those applications because it saves them the trouble of buying and integrating separate analytical and marketing systems. IT departments won’t use those features themselves and will probably be more interested in making sure CDP data can be shared by external applications from all departments. Similarly, IT buyers may favor CDP designs that are less tuned specifically to marketing needs and more open to multiple uses. This will favor some technical approaches over others.
The final result is likely to be clearer division of the CDP market into systems that focus on enterprise-wide customer data management and that give marketers integrated data, analytics, and customer engagement. If both types of vendors find enough buyers to survive, the expanded choice means that everyone wins. But the combined data, analytics and execution CDPs could be squeezed between data-only CDPs and the integrated applications of big marketing clouds. If there’s not enough room left for them, marketers choices will be reduced. Should that happen, GDPR will have done CDP vendors and marketers more harm than good.