The GDPR was created to harmonize data protection laws across Europe and provide anyone in the EU with control over the collection and usage of their personal data. Even before the GDPR, making data privacy a priority, rather than an afterthought, was a best practice for building customer trust. But Forrester Research predicts that nearly 80% of companies will fail to comply by May 25th, due, in large part, to the challenges around effectively managing customer data across disparate systems.
mParticle’s customer data platform was architected from the beginning with a “Privacy by Design” philosophy. Our customers, which include some of the world’s leading brands, use mParticle to obtain granular control over their data, secure it end-to-end, and manage identity in accord with bespoke rules. All of this helps with GDPR compliance, but, with the increased prescriptiveness of EU regulations that go into effect this spring, we recognize that brands will need a good deal more.
We are excited to introduce a suite of product enhancements developed to help brands support GDPR compliance as it pertains to consent management and managing and fulfilling requests for data subject access, portability, and erasure.
Consent management and activation
Opt-in and opt-out is nothing new to marketers, but GDPR is much more stringent when it comes to obtaining and showing proof of consent and giving citizens the right to withdraw consent at any time. This poses a major challenge for brands who need to manage consent permissions across multiple devices, digital touchpoints, and technology partners.
With mParticle’s new consent management features, companies can now:
- Collect consent across all their digital properties via a single API;
- Link consent permission to a specific user ID; and,
- Share consent permissions in real-time with 175+ partnered platforms.
Most importantly, mParticle’s granular data controls enable companies to automate (or restrict) data flows based on consent permissions. For example, if someone rejects consent, mParticle can use conditional logic to prevent that person’s data from being forwarded to other technology partners. Full stop.
In addition, the GDPR states that people can withdraw their consent at any time. In other words, someone who gave you consent two weeks ago can always withdraw it. Only a real-time infrastructure like mParticle’s can ensure that consent permissioning is up to date while providing a quick and easy way for brands to display proof of consent on demand.
Data request management and fulfillment
The GDPR outlines specific data subject rights including the rights to data access, portability, and erasure. Once again, with modern consumers interacting with brands across multiple channels and devices, unifying customer data to honor these rights can be a challenge.
mParticle’s new data request management and fulfillment features enable brands to handle and complete requests well in advance of the one month window required under the GDPR. Brands can submit and track the status of requests for access, portability, and erasure via the platform. mParticle can also build a downloadable summary report for access and portability requests.
For example here’s what access and portability requests look like without and then with mParticle:
For an erasure request, mParticle will look up all data collected on a particular user within our platform and delete it. Brands will also have the option to share erasure requests with our ecosystem of partners.
Why mParticle for GDPR compliance?
mParticle’s customer data platform is uniquely equipped to handle industry, geographic, and company-specific data privacy regulations. The missing link between brands and GDPR compliance is a real-time connected data infrastructure that offers a single customer view across the entire digital experience, like mParticle. Our new product enhancements take compliance to the next level by putting brands in control of how consent is collected, merged, and shared as well as providing a way to activate consent across the ecosystem to respect users’ preferences and honor data subject access rights.
Contact us to learn more!