The CCPA Hidden Game Changer: “Do Not Sell My Personal Information”

There are several key aspects of the California Consumer Privacy Act (CCPA) that people are largely missing to date. Here, learn why the "Do Not Sell My Personal Information" provision of the CCPA could be a game changer for many companies. And learn how you can get a head start implementing the processes and systems to comply with the provision without hobbling the business.

All Posts

Advantages of compliance

There are many reasons beyond regulatory mandate that companies are choosing to implement solutions for transparency, notice and consent around consumer data handling.

 

While compliance is at the core of the GDPR, we are seeing a strong shift toward taking an active posture towards privacy from many leading companies as compliance isn’t enough. Consumers today expect to engage a brand on the terms they desire, looking to more deeply engage those companies who are leaders in this area.

Ryan Parker, Head of Responsive Retail, Intel Corporation

 

In light of the more recent data and privacy scandals featured in top news stories, we clearly see an opportunity for companies to prioritize transparency as they leverage personal data. Beyond making good business sense, this trust-building exercise demonstrates goodwill, corporate citizenship, and improved brand equity.

 

Karen Schuler, National Data & Information Governance Leader for BDO USA, stated that the many added benefits of GDPR compliance "would create better business decisions through increases in data quality, integrity, availability and consistency. This could reduce data storage, discovery and knowledge worker costs, driving innovation by delivering higher value data."

 

Data mapping 

To comply with the GDPR and, in particular, the data subject’s right to be forgotten, it’s critical to have a comprehensive data map that clearly indicates all data sources, who has access to them, and how they are interlinked and provisioned. The exercise of data mapping, itself, may unlock some unexpected insights into how your organization is structured, which can translate into tangible benefits.

 

360 view: Consolidate, understand, leverage your data

According to Ryan Parker from Intel, GDPR compliance can help your organization gain a better understanding of its customer through a more complete view of the existing diverse data points. "Customer 360 is all about knowing your customer, who they are, and how they have interacted with your brand.  Currently, outside of a few, we still have not seen many retailers develop that 360 perspective because their data is highly dispersed in a host of systems and people. The GDPR could be a great catalyst to finally see all systems come together to provide a holistic picture of the customer’s data to ensure compliance. This comprehensive view could finally allow retailers to fully leverage the great business intelligence and artificial intelligence tools that are available on the market today."

 

Of course, this is all predicated on the consumer. If customers opt out of marketing or processing efforts en masse, the ability to understand and predict their behavior will be greatly diminished. It remains to be seen exactly to what level of consumers will proactively exercise their rights under the GDPR, but we can reasonably expect brands to fare better when they act responsibly and create the proper incentives for consumers to both trust and engage.

 

Impact on culture, collaboration and breaking silos

We also expect the GDPR to lead to positive impacts on a company’s culture. For companies that differentiate through outstanding customer experience, GDPR is a natural progression to better engage the customer in the transparent manner that they expect, thus increasing brand value. For those not yet familiar with GDPR, it is much more than just compliance, it is a new way to engage consumers with their brand through the power of data.

 

Integrity, transparency and trust: Keys to maintaining brand equity

There is a strong correlation between high perceived transparency and positive consumer sentiment. Core brand attributes are most often centered around trust. Building trust with a customer by showing immediate access to their data and providing a rapid response to requests to challenge, delete or move that data, is part of the new definition of trustworthiness. The GDPR has defined this new set of rules for what a trusted relationship should look like, and the early adopters may find a strong competitive advantage through earned trust.

 

Opportunity to learn from emerging technologies

Like many other new technological revolutions, there are opportunities to understand and master emerging technologies. Some of the more complete solutions leverage the power of both distributed ledger (blockchain) systems and data lake (cloud computing) technologies.

 

Leverage the blockchain (distributed ledgers)

Aside from the commonly known application of blockchain technology as the platform for cryptocurrency transactions, the cutting-edge technology also holds massive potential to deliver secure encryption and immutability. This ties directly to the needs of GDPR compliance.

As an example, the auditability of Truyo comes from the blockchain ledger where all subject access requests and exercised rights are time-stamped and unable to be altered. Once data from an interaction is gathered, it is transferred to the ledger and then on to the data lake, where all interaction records live. If a consumer makes a request, a detailed record is logged regarding the interaction activity. Once an auditor or regulatory body is comfortable with the system, the lengthy portion of the auditing process can be substantially relieved, focusing instead on the actual results and activities.

 

Data lakes & machine learning

For those companies already focused on centralizing data for GDPR, there are opportunities around data lakes, business intelligence, and AI.

 

Implementation of a data lake as part of your GDPR strategy acts as a catalyst to increase insight and transparency within the organization. By leveraging a single data lake for GDPR, companies benefit from a single source of truth which can unlock the value of data across their entire business.  This approach allows them to find correlations in data that isn’t possible when data is siloed, opening new insights and optimizations across the entire company.

Additionally, you can leverage machine learning models to find patterns in customer behavior and preferences for better targeted and efficient marketing. You can also leverage the AI platform to engage directly with customers to help them through their journey, while recommending products directly to them and reducing agent cost.

Of course, to implement such a cross-business data lake, while also enabling Individual Rights under the GDPR, requires that certain data be anonymized and secured, thereby enabling the business without compromising the consumer. With our particular approach to data lakes on the Truyo platform, when you expose your transactions and records to a customer, you can do that in full legal compliance, on our data platform.

Chris Dieringer, National Sales Director at Microsoft - Retail and CPG Industry

Truyo
About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

The CCPA Hidden Game Changer: “Do Not Sell My Personal Information”

There are several key aspects of the California Consumer Privacy Act (CCPA) that people are largely missing to date. Here, learn why the "Do Not Sell ...

A MasterClass in Modern Privacy Rights Management: CCPA & Beyond

Privacy regulations are expanding beyond the European Union’s General Data Protection Regulation (GDPR), to include California’s Consumer Privacy Act ...

Choosing a Compliance Management Software: How to Pick the Right One

Automated compliance software supports the compliance strategy within your organization and helps automate the process of adhering to the policies and...

How to Modify Your GDPR SAR Practices for the CCPA

Original broadcast date: March 21, 2019 via IAPP Webconference When it comes to operationalizing your privacy compliance, the need to create efficient...