Back

StrategyJul 28, 2020

Credera’s MarTech Reference Architecture Part 2: Consent Management & Data Privacy

Phillip Jones

The process of data-driven marketing is built on a foundation of secure data, adhering to all relevant privacy and compliance considerations by obtaining customer consent and respecting customer preferences. As we kick off our overview of Credera’s MarTech Reference Architecture, we will start by reviewing this foundational piece of the MarTech puzzle: consent management and data privacy

what are consent management & data privacy

In a world of mass personalization and targeted marketing, if data is the new oil, first-party data with proper consumer consent is the refined fuel that keeps a marketing and ecommerce engine running. While compliance and consent are typically thought of in terms of the California Consumer Privacy Act (CCPA) or Europe’s General Data Protection Regulation (GDPR), which is certainly true, the crux of the matter is actually consumer trust.

Maintaining a consistent pipeline of first-party data primarily requires building trust with customers by safeguarding and properly utilizing their information. This trust then becomes a means of gaining further data and insights throughout the relationship that can then be used to drive value to the customer through personalization and convenience. A robust (and effective) preference center and encryption/protection of personal information (PI) and personally identifiable information (PII) data are crucial functions of gaining trust and building a foundation for receiving additional first-party data. It also helps meet the legal requirements of cookie consent and tracking consumer privacy requests.

why consent management & data privacy matter

First-party data collection provides the most relevant and actionable information regarding a consumer’s interaction with a brand, and it is quickly becoming the primary viable option (see Google’s ban of third-party cookies and new regulations similar to GDPR). Therefore, ensuring your company has a steady and continuous stream of first-party data is vital to continued marketing efforts.

As data privacy moves into the forefront of consumer’s minds, statutes (like CCPA and GDPR) and consumer backlash will punish companies who utilize personal data without the customer’s consent. However, companies who clearly define usage and allow users to set preferences will gain increasing insight into consumer behavior.

TOP TECHNOLOGIES & PLAYERS

keys for driving consent management & data privacy maturity

1. Maintain a Robust Privacy Policy Privacy policies must clearly indicate the potential uses of collected data along with the parties with whom data may be shared. This information should be kept up to date as new uses or data partners emerge. In addition to the information required by CCPA and GDPR, privacy policies should also include a high-level explanation of how customer data is safeguarded and protected.

2. Ask for Consent Prior to collecting data via tracking, first-party cookies, or forms that may trigger communications (i.e., cart abandonments), obtain clear consent from a user so you can take action with the data you’re collecting.

3. Provide Tool Tips During Data Collection When collecting personal information (particularly if sensitive data), provide users with tool tips, guidelines, or links to specific portions of the privacy policy that explain the purpose and potential usage of your data collection.

4. Provide Preference Configuration Allow a mechanism for users to configure how they receive communication of various types, channels, and frequency. As your data management matures, offering configurable data collection and sharing settings will further build trust with customers.

5. Use Reputable Data Sources When augmenting customer profile information with outside data sources, ensure second- or third-party data providers are reputable and have evidence of properly captured consent (a must-have for GDPR compliance).

current trends & considerations

Evolving Privacy Laws: CCPA and GDPR have redefined how a company can receive, store, and distribute customer data. More countries and U.S. states have drafted similar legislation, leading to increasing needs for thorough data collection and storage processes.

Changing Customer Expectations: Recent surveys have shown that customers underestimate the extent to which their activities are tracked and are generally uncomfortable with much of the common tracking tactics. Additionally, “23% of Americans are more opposed to data tracking in the wake of COVID-19,” indicating consumer backlash and a push for more privacy laws could intensify.

Death of the Third-Party Cookie: With Google Chrome phasing out third-party cookies in 2022 (while Firefox and Safari have already done so), first-party data will become increasingly significant when identifying consumer preferences and tendencies. 

up next: single view of customer

In our next installment of the MarTech Reference Architecture overview, we will talk about the importance of establishing a “single view of the customer.” As a quick preview, a single view of the customer should collect and store data about any type of customer engagement across devices, channels, and brands; it should organize these customer inputs with an ID structure that facilitates both governed activation and analysis.

building your data pipeline

Transparent, configurable, and secure collection of first-party data is the first step to building a strong data pipeline to fuel your marketing and customer loyalty initiatives. Creating a foundation of trust in consumer relationships will lead to increased access to behaviors and preferences while decreasing the cost of compliance with data privacy regulations.

Reach out to one of our customer data and MarTech experts at findoutmore@credera.com for more information on how the MarTech Reference Architecture can be used to assess your MarTech ecosystem, map out a strategy for driving better customer experiences and marketing outcomes, and mature your consent management and data privacy practices.