Tag: GDPR

Posted on

Factors to consider in relation to Customer Master Data and being compliant

anonymous ethnic man demonstrating thumb up sign on street

The growing number of quality standards and regulations (industry-specific or not) mean companies must meet certain compliance criteria directly or indirectly impacted by the quality of data in the systems.

Businesses face many regulatory frameworks and potential risks that require the maintenance of extensive reporting mechanisms and specific processing and handling activities around critical customer master data such as details related to bank accounts, contracts, and contract conditions. In the finance, Insurance, retail, health and pharma segments, regulations vary from country to country but the message is largely the same – you need to know what data you have and you need to be looking after it properly.

Failure to take necessary steps to protect the data can lead to a variety of punitive measures being imposed by the authorities. This is separate from any personal liability claims that might be brought by individual members of the public in relation to incorrect or inappropriately handled customer master data. Appropriate management of customer master data is therefore essential not just to ensure that there are no negative financial implications but also to ensure the preservation of the organization’s reputation.

How a CMDM helps with compliance

A customer master data management system gives businesses a single reference point or single customer view. This can be of help when trying to meet compliance expectations by describing the records held, the content of the records and enumerating the evolution of those records over time from origin to current state.

A well-designed master data management platform makes it easier for businesses to audit and standardize their view and understanding of the customer across the many data repositories that they might have including data warehouses, transactional systems and other data sources that might use different technologies in different business units and geographies.

A centralized customer master data management platform offered under a PaaS or SaaS model is a continuous duty system by nature and backed up in alignment with best practices and all necessary regulatory requirements. Features that you can expect include the identification and optional removal of duplicate records, the maintenance of strict standards in relation to data quality and the presence of a user permissions hierarchy to ensure that only those who should have access, do.

Right to Erasure

Under European GDPR policy, the ‘Right to Erasure’ gives users the right to have their records erased from databases to meet privacy requirements. When you have the customer master stored in many places this is a difficult requirement to meet.

It is also amongst the key components under California’s CCPA framework and other frameworks of a similar nature exist in other geographies globally.

Removing customer information from your records, or even correcting it, is more straightforward when you have a centralized customer master data management system. In some cases, people want to remove only publicly recognizable information from the available channels, but this can become tedious if such information is expressed differently in a different system with no interconnected golden thread that forms a unified reference point.

For either removal, correction or suppression of data, having a master data management reference point is operationally more efficient and better supports the ability to be compliant. The CMDM platform offers that unique point of reference for each database. This means that compliance activities can quickly identify data quality issues, make the necessary changes and get those corrections syndicated across departmental and downstream systems in the organization.

KYC compliance (Know Your Customer)

All financial sector organizations must submit customer information to regulatory authorities, often before providing the person or organization with financial services. Regulators are quite strict on the importance of customer record quality; incorrect measures in an organization can risk exposure to compliance penalties, places assets at risk and also introduces reputational risks. The Dodd-Frank act overhauled the US financial regulation system and while some of the act’s regulations were rolled back by the Trump administration the new regulations being implemented at the individual state level and in Europe provide sweeping new protections for citizens that organizations need to subscribe to. 

Financial institutions and Fintech companies that build secure systems and processes to collect and submit KYC data to authorities enjoy benefits over their competitors not only in terms of the quality of the data that they hold, but also the costs associated with maintaining their compliance, and of course the risks associated with specific accounts. A CMDM platform can help businesses centralize KYC information and make it easier for them to meet regulator screening requirements. According to Deloitte’s 2020 banking and capital markets outlook, “wealth managers are grappling with the rising cost of compliance and increasing focus on KYC/AML and data protection” something which a CMDM can surely help with controlling.

Meeting the requirements of compliance rules is also often time-consuming for businesses. For businesses that have been in the business for decades, this is particularly hard when they have ageing infrastructure and long-established customer data management practices.

Enterprise-level master data systems prioritize security and industry compliance, admittedly at a cost, but this cost is often more transparent than the many hidden costs associated with ad hoc and unstructured, even perhaps uncoordinated data management practices. CMDM helps businesses implement and comply with data quality standards and implement policies on demand.

If you’re challenged by compliance worries around your customer master data management, why not reach out to Pretectum today and find out how we can help.

RJ

Posted on

How CMDM plays into “defensive” data management

chain link fence and barbed wires

We are all conscious of our digital selves and how much of who and what we are is visible on the internet, there’s a seedy underbelly that’s perhaps less known to many of us, particularly if we are not part of the hacker community. We’re also well aware that the likes of Cambridge Analytica and the Facebook fiasco, led to bad actors targeting ordinary consumers (and voters) with false narratives and targeted messages to manipulate the thinking and perspectives of the general public.

More recently you will have noticed that almost every site that you visit, now asks that you give your explicit consent to having them track your interaction and browsing on the site and potentially other sites too. Signing up for electronic newsletters has become as onerous or as legally webbed, as applying for a credit card, and just as for the credit card T’s and C’s, the degree to which we all read the fine print is likely very small.

For years we have assumed that businesses would store our details responsibly and not expose our information and especially our unique identifiers, email address, and vitals to those who might engage in nefarious deeds.

Despite the fact that there have been many data breaches, it is surprising then, that many companies still do not appropriately secure their customer data. This securing of data should be thought of in the context of being a defence strategy. This is not unlike a gate and perimeter fence to property or controlled borders of a country.

Adequate data security, quality, and access control combined with meeting the rigours of compliance are data management defence measures and they’re a critical part of ensuring that customer data is held appropriately and securely.

“The only defense against the world is a thorough knowledge of it.”

― John Locke, English philosopher and political theorist

Every time identity-related data or personally identifiable information (PII) is stolen or leaked and then abused, it is the companies that carry the cost burden. As a consequence, it is very important to take on defensive data management measures to neutralize risk and threats.

Poor data quality and poor data security ultimately carry a cost that is often greater than simply monetary values. Miscommunication or inappropriate communication from poor data quality and the more serious loss of data as part of a data breach, all damage the reputation of a brand or organizational identity which in turn can lead to the immediate loss of trust between your company and its customers.

Some of the more rigorous compliance expectations that your business should be adhering to, under the various regulations, include lawful possession of data, fairness in the use of that data, and transparency about the data that you have. Some other requirements are that you only use the data for its originally agreed purpose, that you only hold the absolute minimum of data that you need, that you retain it only for so long as you previously agreed or until the data no longer serves its original purpose, that the data be correct and proper and not exposed publicly and that if any of these facets are not adhered to, that the persons to whom that data relates, will be appropriately informed.

The fines and penalties associated with violations and failures can be extremely punitive and actually put organizations out of business.

The Pretectum Customer Master Data Management platform addresses aspects of this defensive strategy by offering five key characteristics to the customer master data management practice that support your CMDM function in being compliant.

Encryption – all data stored in the Pretectum CMDM platform and as such, data at rest, is encrypted by default in a secure database

Access Control – all access to objects within the Pretectum CMDM platform is granted through a “least permissions” model and is granted to users via an identifier with an accompanying password for UI access, and the same with a token via API. Users are then further restricted based on a hierarchy of permissions based on the organizational assignment and very fine-grained permissions within that organizational assignment.

Identifiable users – all users are identified by way of an email address that is part of the domain associated with the Pretectum platform subscription.

Data Quality built-in – depending on the way schemas are defined, all data either confirms or conflicts with self-defined business rules and configuration. The ability to observe the compliance of a given record with the specific rules defined, is observable at every stage in the platform.

Verbose Auditing and change logging – a verbose history of changes and events is tracked for all data and all objects in the platform including changes to user permissions and access.

To learn how the Pretectum Customer Master Data Management platform can serve you best in your defensive data management endeavors contact us today.

Further Reading

Posted on

Does all your customer data belong to you?

black and white wooden sign behind white concrete

Customer data is broad-spectrum in nature, it covers a lot of information about the people that your company serves. At the most fundamental level, your customer data is a critical data asset that you need to understand your customers and guide how you can best serve them.

There are many kinds of data that you will have about the customer, from names to email addresses. phone numbers, job titles, date of birth and other personally identifiable information (PII) through to sales orders, quotations, service and support ticket records, policies, warranties, certificates etc. You may even know where they work, what kind of devices they use and more about their families!

The possibilities are almost seemingly limitless, depending on the purpose and intent you have for that data.

Just like their physiology, customer data comes in a variety of shapes and sizes. You may have their data stored in more than one system of record or repository and simply making sense of the customer data that you have, may seem daunting especially if you have doubts about the consistency, accuracy and general quality of your customer data.

This is why we talk at Pretectum, about focus, a focus on what matters and having the right customer data perspective. We have observed that many organizations fail to establish some fundamental building blocks for building and using customer data effectively.

We believe that you are likely to have four main missions around your customer data

  • Customer data definition
  • Preventing bad data creation
  • Assessing the quality of customer data
  • Reporting and distributing customer data

Customer data definition
Basic personal customer data frames aspects of your fundamental understanding of each relationship you have with every customer. Out of the box configuration, standard data fields in an ERP, CRM or CDP should be considered minimum basic data. Names, addresses, email addresses, phone numbers and relationships are all examples of basic customer data.

Demographic data, such as gender, family connections, income, social media data or firmographic data can also be basic customer data but not necessarily so.

Preventing bad data creation
We believe there is only one way to prevent the creation of bad customer data and that is through the introduction of rigour into the customer data creation process.

Whether your personnel are using batch loading methods, technology-based interfaces or manual entry methods, the best way to ensure that you are maintaining the best view of the customer is one where the journey to data creation is a curated one.

This means creating and maintaining controls and restrictions around the customer data that can be created and the ways in which that same data is edited and maintained.

Assessing the quality of your customer data
We believe there are an infinite number of ways to assess customer data quality but business process owners know what really matters and should have the tools and methods available to support their data quality assessment.

These data quality assessment methods should be rooted in the curation process, whereby the rules, measures and controls that you maintain for data creation should be the same rules, measures and controls that you use for data quality assessment

Not only does this maintain a unified view and understanding of the data that you have, and the maintenance thereof, but it also means that you can consider extensions to the portfolio of customer master data according to the evolving needs of your business with some degree of confidence that you are not creating a potential compounding problem of poor data quality in your customer master data.

Reporting and distributing customer data
Once you’ve created your customer data definition, defined all the rules around that data and determined who can and should have access to the data and the potential maintenance thereof; you need to consider how you will make it available for use by the wider community of business users in your business.

Everyone from product management through sales, marketing, service and support will have an interest in customer data because it tells a story about past success and prospective opportunities.

For best effect, when considering the syndication of customer data, you need to determine the purpose and intent that you have around the customer data that you have. In this light, you need to consider the customer data goal.

The customer data goal
In itself, customer data offers only the most minimal value to an organization. Harnessing customer data to improve the customer experience or develop new products or features is a very common first goal.

Accelerating revenue growth, profit maximization, and renewal maintenance can be additional motivators. These goals have nothing to do with the data itself but they have everything to do with what you need to have in place and the level of confidence that you need to have around the quality of the customer data that you have.

Competition landscape
It is not unusual to draw parallels between your business and your nearest competitors, to look to the customers that they have, the way that they interact with them and the level of commitment and recurrent business that they harvest from their existing customers and potentially how that influences prospects.

Many organizations leverage customer data in a secure and scalable way and have a disciplined approach to making customer data accessible to the wider organization. Thinking about your competitors, do you believe that they have better data and a better handle on the customer data curation process?

This may be difficult information to glean from your competitors, but the good news is that Pretectum’s C-MDM takes a lot of the guesswork out of the process for you, by suggesting the rules, controls and measures that you should have in place for your customer data.

Further, intelligence under the hood, helps you to curate perfect sets of customer data according to the needs, purposes and intentions that your business has for customer master data management.

Even more significantly, Pretectum Customer MDM looks to the characteristics of your business and compares that with similar entities in your industry segment to suggest, hone and refine the data governance process for your customer data according to the needs that your business has while taking advantage of the concept of crowdsourced insight and policy.

Data Essentials
The advantage of the Pretectum CMDM approach is that data that you have today, that you think is trivial and superfluous and perhaps not even that useful, may prove to be particularly valuable for some very specific use cases that you currently don’t use it for today.

This means, that although you may have some very specific needs that you want to address today, you can have a lens on your customer data that provides only the bare essentials or critically necessary data for that particular purpose but you continue to maintain and curate other data that you may wish to use at some point in the future, thereby leveraging a different lens on the customer master.

The era of privacy regulation
Data protection regulations like the US Privacy Act of 1974, COPPA, the Gramm-Leach-Bliley Act (GLBA), Californian Consumer Privacy Act (CCPA) and Europe’s GDPR along with industry-specific data security requirements like HIPAA and PCI are increasingly commonplace in our data-centric economy.

The Pretectum platform holds any data that you choose to store, in an encrypted and secure way according to the laws of your country and in a way that meets the intent and objectives of regulation.

Pretectum goes a step further though, in addition to ensuring that your customer data is secure, Pretectum also supports you in being able to inform your customers about the data that you have and allows you to afford them the opportunity to curate the data that you have. This consent-based approach means that your customers can tell you how they would like you to use their data and what you may do with their data. In addition, they can maintain their vital statistics in a way that supports your data being continuously up to date.

Update your vision for customer data today and consider a new perspective on the customer with Pretectum CMDM.