As marketers and customer experience professionals around the world prepare for the implementation of the EU’s General Data Protection Regulation (GDPR), many want to dig deeper into the regulation to ensure compliance and best practices are in place.
With that in mind, we’re kicking off a series of posts designed to ground readers in in GDPR’s data fundamentals, the building blocks of the regulatory framework. And we’ll begin in a pretty obvious place: what is customer data?
It’s a simple question with a scary answer.
Under the regulation, “customer data” is anything that can directly or indirectly trace back to a EU consumer. Ordinarily, we think of customer data as a name, email address or other direct information. GDPR’s definition includes a consumer’s IP address, cookies used to track their web browsing and other records that exist outside the traditional database server.
Consider the consequences of this definition on a request to be forgotten. While you may be able to easily delete primary information from your database, this broader interpretation of personal data requires you to scour outside sources and aggregators to fully (and provably) cleanse your systems.
In other words – sound storage and data management are a must once GDPR goes into effect next year.