The Lifecycle of a Subject Access Request

Take a walk along the path of a subject access request (SAR), from the point of collection to privacy rights management as a competitive advantage.

All Posts

Advantages of compliance

There are many reasons beyond regulatory mandate that companies are choosing to implement solutions for transparency, notice and consent around consumer data handling.

 

While compliance is at the core of the GDPR, we are seeing a strong shift toward taking an active posture towards privacy from many leading companies as compliance isn’t enough. Consumers today expect to engage a brand on the terms they desire, looking to more deeply engage those companies who are leaders in this area.

Ryan Parker, Head of Responsive Retail, Intel Corporation

 

In light of the more recent data and privacy scandals featured in top news stories, we clearly see an opportunity for companies to prioritize transparency as they leverage personal data. Beyond making good business sense, this trust-building exercise demonstrates goodwill, corporate citizenship, and improved brand equity.

 

Karen Schuler, National Data & Information Governance Leader for BDO USA, stated that the many added benefits of GDPR compliance "would create better business decisions through increases in data quality, integrity, availability and consistency. This could reduce data storage, discovery and knowledge worker costs, driving innovation by delivering higher value data."

 

Data mapping 

To comply with the GDPR and, in particular, the data subject’s right to be forgotten, it’s critical to have a comprehensive data map that clearly indicates all data sources, who has access to them, and how they are interlinked and provisioned. The exercise of data mapping, itself, may unlock some unexpected insights into how your organization is structured, which can translate into tangible benefits.

 

360 view: Consolidate, understand, leverage your data

According to Ryan Parker from Intel, GDPR compliance can help your organization gain a better understanding of its customer through a more complete view of the existing diverse data points. "Customer 360 is all about knowing your customer, who they are, and how they have interacted with your brand.  Currently, outside of a few, we still have not seen many retailers develop that 360 perspective because their data is highly dispersed in a host of systems and people. The GDPR could be a great catalyst to finally see all systems come together to provide a holistic picture of the customer’s data to ensure compliance. This comprehensive view could finally allow retailers to fully leverage the great business intelligence and artificial intelligence tools that are available on the market today."

 

Of course, this is all predicated on the consumer. If customers opt out of marketing or processing efforts en masse, the ability to understand and predict their behavior will be greatly diminished. It remains to be seen exactly to what level of consumers will proactively exercise their rights under the GDPR, but we can reasonably expect brands to fare better when they act responsibly and create the proper incentives for consumers to both trust and engage.

 

Impact on culture, collaboration and breaking silos

We also expect the GDPR to lead to positive impacts on a company’s culture. For companies that differentiate through outstanding customer experience, GDPR is a natural progression to better engage the customer in the transparent manner that they expect, thus increasing brand value. For those not yet familiar with GDPR, it is much more than just compliance, it is a new way to engage consumers with their brand through the power of data.

 

Integrity, transparency and trust: Keys to maintaining brand equity

There is a strong correlation between high perceived transparency and positive consumer sentiment. Core brand attributes are most often centered around trust. Building trust with a customer by showing immediate access to their data and providing a rapid response to requests to challenge, delete or move that data, is part of the new definition of trustworthiness. The GDPR has defined this new set of rules for what a trusted relationship should look like, and the early adopters may find a strong competitive advantage through earned trust.

 

Opportunity to learn from emerging technologies

Like many other new technological revolutions, there are opportunities to understand and master emerging technologies. Some of the more complete solutions leverage the power of both distributed ledger (blockchain) systems and data lake (cloud computing) technologies.

 

Leverage the blockchain (distributed ledgers)

Aside from the commonly known application of blockchain technology as the platform for cryptocurrency transactions, the cutting-edge technology also holds massive potential to deliver secure encryption and immutability. This ties directly to the needs of GDPR compliance.

As an example, the auditability of Truyo comes from the blockchain ledger where all subject access requests and exercised rights are time-stamped and unable to be altered. Once data from an interaction is gathered, it is transferred to the ledger and then on to the data lake, where all interaction records live. If a consumer makes a request, a detailed record is logged regarding the interaction activity. Once an auditor or regulatory body is comfortable with the system, the lengthy portion of the auditing process can be substantially relieved, focusing instead on the actual results and activities.

 

Data lakes & machine learning

For those companies already focused on centralizing data for GDPR, there are opportunities around data lakes, business intelligence, and AI.

 

Implementation of a data lake as part of your GDPR strategy acts as a catalyst to increase insight and transparency within the organization. By leveraging a single data lake for GDPR, companies benefit from a single source of truth which can unlock the value of data across their entire business.  This approach allows them to find correlations in data that isn’t possible when data is siloed, opening new insights and optimizations across the entire company.

Additionally, you can leverage machine learning models to find patterns in customer behavior and preferences for better targeted and efficient marketing. You can also leverage the AI platform to engage directly with customers to help them through their journey, while recommending products directly to them and reducing agent cost.

Of course, to implement such a cross-business data lake, while also enabling Individual Rights under the GDPR, requires that certain data be anonymized and secured, thereby enabling the business without compromising the consumer. With our particular approach to data lakes on the Truyo platform, when you expose your transactions and records to a customer, you can do that in full legal compliance, on our data platform.

Chris Dieringer, National Sales Director at Microsoft - Retail and CPG Industry

Truyo
About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

The Lifecycle of a Subject Access Request

Take a walk along the path of a subject access request (SAR), from the point of collection to privacy rights management as a competitive advantage. To...

Should I Automate SAR Management? A Decision Tool

Walk through this decision tree to uncover how many SARs you might expect to get, how complex your data environment is, and – ultimately – whether it ...

SAR Management Best Practices Checklist

It’s one thing to plan for the GDPR or CCPA and other privacy regulations. It’s another thing to actually live it.   This SAR management checklist for...

The answer to regulatory uncertainty? A future-proof solution

There is tremendous uncertainty in the privacy rights regulatory environment today. The most prominent regulations – GDPR and CCPA – have significant ...