The recent Equifax breach left millions of consumers wondering not only if their personal data was at risk, but also what data Equifax had about them in the first place. In a world where commenting “And now for something completely different” on someone’s Facebook post triggers ads for Monty Python T-shirts, it’s natural that people want to know what your company knows about them, how you are using that data, and whom you are sharing it with.
Now that GDPR is here, if you’re doing business with anyone in Europe, you will have to respond to these questions in far greater volume and frequency. Are your employees prepared for this influx?
Business leaders worry about this because tracking requests, identifying data, and reporting the results back to consumers will be costly and challenging to organize. But rather than treating each request as an isolated compliance nuisance, try to see GDPR as an opportunity to reimagine how you interact with your customers and their digital identities. As GDPR and other data privacy initiatives expand, your ability to respond quickly and transparently to customer questions about their data will be a testament to how your organization values and treats its customers, and a factor in retaining customer loyalty.
The challenge of GDPR: It starts in the connections, lineage, and linkage
You collect customer data in myriad ways and that data proceeds through applications and systems, integration tools and other communications channels to end up in databases and other storage media. When customers ask what data you have about them, it’s hard to trace because it is in so many—frequently disjointed—locations. Most metadata systems, usually tied to ETL tools, only tell a fragment of the story, and can’t give you a complete picture of what happened to an individual’s specific data.
That said, the connections captured and represented as data lineage are an important component in tackling the challenge. Data lineage gives you a high-level map of routes through your data architecture, much as a map of eastern Massachusetts provides me with a view of how I can get from my home to my office. But just as that map will not show me how I got to the office today, your data lineage will not show you whether you received data about Jane Doe today and where it went.
To get insight into the specific individual, you need to create links or keys across those records. Where those links are already established (e.g., a customer number) and stored in known locations, queries can retrieve those sets of data. Where they are not known or not consistent, record linkage (or identity matching) techniques must be applied. If data is being added into existing systems where those data quality functions are available, that works fine. But usually those techniques are unavailable for database queries. Further, the distribution of saved reports and queried results (often in spreadsheets) containing an individual’s information is not typically captured or retained across your information landscape, leaving significant gaps in the customer view.
Taking master data and metadata to the next level
The answer lies in thinking more broadly about the master data tools you have through the lens of GDPR compliance. For years, organizations have focused on MDM systems as a central point for customer information, but typically in the context of how they synchronize customer data in specific business systems (i.e., a golden record) or facilitate insight into their buying behavior in downstream reporting systems. But why not think about leveraging your MDM system as a hub for systemic information about a customer? After all, the customer information is already there, these systems are modeled to provide reference information, and they usually have user interfaces for information stewardship.
Extending master data models to include systemic information on a customer means you can build a reference hub from which you can respond to customer data queries. As new customer information is collected and passed through varying information supply chains, the points of storage, the metadata trails, and other matching and linkage data can be collected and brought into such a customer hub as new content. With that data associated to individuals, your data stewards can: (1) Respond rapidly to customers’ queries; (2) identify in which systems and through what process flows the data has passed; (3) provide reports quickly to the customer; and (4) identify where systemic corrections or possibly removal need to be made.
Options and next steps
Currently, no tool does all the above. For many organizations, customer information files or possibly data catalogs may provide points of storage for collecting and consolidating this data. Where you have not previously gathered this systemic information, you can look at existing data catalogs, metadata repositories and data lineage to trace likely storage points and data trails to build our inventory of a given customer’s systemic data.
Wherever you decide to collect the information, though, you must ask how you can help your employees better service your customers. Thinking about GDPR from a customer service outlook, you will ask the right questions and approach solutions from the right place, allowing you to get creative with tools you may already have and reimagine customer interactions from a support perspective.
This article is published as part of the IDG Contributor Network. Want to Join?