The Link Between Privacy and Product Data

Do we as a consumer need to be told what to buy? Or do we rather want to be told what we are buying?

This theme was examined in a previous post titled You Must Supplement Customer Insight with Rich Product Data.

Not at least on the European scene with the upcoming General Data Protection Regulation (GDPR) there are limits to how far you can go in profiling your (prospective) costumers. And I am sure those people will value more you are telling them the complete story about your products, rather than guessing what products (from your range) they might need.

As a consumer, we want the facts about the products to make a self-service purchase. We want to be able to search for and navigate precisely to a product suitable for a specific use. We want the facts in a way, so we can compare, perhaps using a comparison service, between different brands and lines. We want to know what accessories goes with what product. We want to know what spare parts goes with what product.

By the way: Business buyers want all that too. And a person being a business buyer is a person (data subject) in the eyes of GDPR too.

For providing complete and consistent product data you as a (re)seller need to maintain high quality product data and if your product portfolio is just above very very simple, you need a Product Information Management (PIM) solution and, if you have trading partners, you need a PIM-2-PIM solution to exchange product information with your trading partners.

pdl-how-4

Advertisements

Party Master Data and the Data Subject

Within the upcoming EU General Data Protection Regulation (GDPR) the term data subject is used for the persons for whom we must protect the privacy.

These are the persons we handle as entities within party Master Data Management (MDM).

In the figure below the blue area covers the entity types and roles that are data subjects in the eyes of GDPR

Data Subjects

While GDPR is of very high importance in business-to-consumer (B2C) and government-to-citizen (G2C) activities, GDPR is also of importance for business-to-business (B2B) and government-to-business (G2B) activities.

GDPR does not cover unborn persons which may be a fact of interest in very few industries as for example healthcare. When it comes to minors, there are special considerations within GDPR to be aware of. GDPR does not apply to deceased persons. In some industries like financial services and utility, the handling of the estate after the death of a person is essential, as well as knowing about that sad event is of importance in general as touched in the post External Events, MDM and Data Stewardship.

One tough master data challenge in the light of GDPR will be to know the status of your registered party master data entities. This also means knowing when it is a private individual, a contact at an organization or an organization or department hereof as such. From my data matching days, I know that heaps of databases do not hold that clarity as reported in the post So, how about SOHO homes.

Your General Data Protection Roadmap

Being ready for the EU GDPR (European Union – General Data Protection Regulation) is – or should be – a topic on the agenda for European businesses and international businesses operating with an European reach.

The finish date is fixed: 25th May 2018. What GDPR is about is well covered (perhaps too overwhelmingly) on the internet. But how do you get there?

Below is my template for a roadmap:

GDPR Readiness RoadmapThe roadmap has as all programs should have an as-is phase, here in concrete as a Privacy Impact Assessment covering what should have been done, if the regulation was already in force. Then comes the phase stating the needed to-be state with the action plan that fills the gaps while absorbing business benefits as well. And then implementation of the prioritized tasks.

GDPR is not only about IT systems, but to be honest, for most companies it will mostly be. Your IT landscape determines which applications will be involved. Most companies will have sales and marketing applications holding personal data. Human Resource Management is a given too. Depending on your business model there will be others. Remember, this is about all kind of personal data – that includes for example supplier contact data that identifies a person too.

The skills needed spans from legal, (Master) Data Management and IT security. You may have these skills internally or you may need interim resources of the above-mentioned kind in order to meet the fixed finish date and being sure things are done right.

By the way: My well skilled associates and I are ready to help. Get in contact:

Where GDPR Still Becomes National

EU GDPRThe upcoming application of the EU General Data Protection Regulation (GDPR) is an attempt to harmonize the data protection and privacy regulations across member states in the European Union.

However, there is room for deviance in ongoing national law enforcement. Probably article 87 concerning processing of the national identification number and article 88 dealing with processing in the context of employment is where we will see national peculiarities.

National identification numbers are today used in different ways across the member states. In The Nordics, the use of an all-purpose identification number that covers identification of citizens from cradle to grave in public (tax, health, social security, election and even transit) as well as private (financial, employment, telco …) registrations have been practiced for many years, where more or less unlinked single purpose (tax, social security, health, election …) identification numbers are the norm most places else.

How you treat the employment force and the derived ways of registering them is also a field of major differences within the Union, and we should therefore expect to be observant of national specialties when it comes to mastering the human resource part of the data domains affected by GDPR.

Do you see other fields where GDPR will become national within the Union?

The Sunny Side of GDPR

Happy SunDon’t panic about GDPR. Don’t neglect either. Be happy.

Recently Ditte Brix Andersen of Stibo Systems wrote a blog post called Preparing for GDPR – Burden or Opportunity?

As Ditte writes, the core implication of GDPR is: “Up until now, businesses have traditionally ‘owned’ the personal data of their customers, employees and other individuals. But from May 25th, 2018 individuals will be given several new personal data rights, putting the ownership right back in to the hands of each individual”.

I agree with Ditte that the GDPR coming into force can be seen as an opportunity for businesses instead of a burden. Adhering to GDPR will urge you to:

  • Have a clear picture about where you store personal data. This is not bad for business too.
  • Express a common understood idea about why you store personal data. Also very good for business.
  • Know who can access and update personal data. A basic need for risk handling in your business.
  • Document what kind of personal data you handle. Equally makes sense for doing your business.
  • Think through how you obtain consent to handle personal data. Makes your business look smart as well.

In fact, after applying these good habits to personal data you should continue with other kind of party master data and all other kinds of master data. The days of trying to keep your own little secret, even partly to yourself, versions of what seems to be the truth is over. Start working in the open as exemplified in the concept of Master Data Share.

What is a Master Data Entity?

What is a customer? What is a product? You encounter these common questions when working with Master Data Management (MDM).

The overall question about what master data is has been discussed on this blog often as for example in the post A Master Data Mind Map.

Master Data

The two common questions posed as start of this blog post is said to be very dangerous. Well, here are my experiences and opinions:

What is a customer?

In my eyes, customer is a role you can assign to a party. Therefore, the party is the real master data entity. A party can have many other roles as employee, supplier and other kinds of business partner roles. More times than you usually imagine, the party can have several roles at the same time. Examples are customers also being employees and suppliers who are also customers.

From a data quality point of view, it does not have to matter if a party is a customer or not at a certain time. If your business rules requires you to register that party because the party has placed an order, got an invoice, paid an invoice or pre-paid an amount, you will need to take care of the quality of the information you have stored. You will also have to care about the privacy, not at least if the party is a natural person.

Uniqueness is the most frequent data quality issue when it comes to party master data. Again, it is essential to detect or better prevent if the same party is registered twice or more whether that party is a customer according to someone’s definition or not.

What is a product?

Also with products business rules dictates if you are going to register that product. If you are a reseller of products, you should register a product that you promote (being in your range). You could register a product, if you resell that product occasionally (sometimes called specials). If you are a manufacturer, you should register your finished products, your semi-finished products and the used raw materials. Most companies are actually both a reseller and a manufacturer in some degree. Despite of that degree practically all companies also deals with indirect goods as spare parts, office supplies and other stuff you could register as a product within your organisation in the same way your supplier probably have.

What we usually defines as a product is most often what rather should be called a product model. That means we register information about things that are made in the same way and up by the same ingredients and branded similarly. A thing, as each physical instance of a product model, will increasingly have business rules that requires it to be registered as told in the post Adding Things to Product Data Lake.

The Big Data Secret of SPECTRE

I’m sorry if this blog is turning into a travel blog. But here’s a third Paris story.

Boulevard Haussmann is one of the city’s great thoroughfares (to use the right meta-data term) and is known to be where we can find the headquarters of SPECTRE.

While visiting SPECTRE today I learned a lot about how SPECTRE is exploiting big data as an important way of keeping up with the tough competition in its industry sector today. But all that is of course a secret.

When asking about if they still has trouble with Bond the answer was:

Barry_Nelson_as_Jimmy_Bond_in_1954
Jimmy Bond when he was a field agent

“Bond? – Jimmy Bond? – The sexy data scientist who is working for NSA?”

“Oh no, I replied. James Bond.”

“Oh, yes” the SPECTRE chief data manipulator replied. “He was with British Intelligence. But he has been moved to the EU Data Protection Service. He just got his license to fine. Now 2%  and soon 5% of our global turnover each time. Very dangerous man. Very dangerous”.

Bookmark and Share

Sharing is the Future of MDM

Over at the DataRoundtable blog Dylan Jones recently posted an excellent piece called The Future of MDM?

Herein Dylan examines how a lot of people in different organizations spend a lot of time on trying to get complete, timely and unique data about customers and other business partners.

A better future for MDM (Master Data Management) could certainly be that every organization doesn’t have to do the work over and over and again. While self registration by customers is a way of letting off the burden on private enterprises and public sector bodies, we may even do better by not having the customer being the data entry clerk and typing in the same information over and over and again.

Today there are several available options for customer and other business partner reference data:

  • Public sector registries which are getting more and more open being that for example for the address part or even deeper in due respect of privacy considerations which may be different for business entities and individual entities.
  • Commercial directories often build on top of public registries.
  • Personal data lockers like the Mydex service mentioned by Dylan.
  • Social network profiles.

instant Single Customer ViewMy guess is that the future of MDM is going to be a mashup of exploiting the above options.

Oh, and as representatives of such a mashup service we recently at iDQ made sure we had the accurate, complete and timely information filled in on our Linkedin Company profile.

Bookmark and Share

Doctor Livingstone, I Presume?

The title of this blog post is a famous quote from history (which as most quotes are disputed) said by Henry Morton Stanley (who actually was born John Rowlands) when he found Doctor Livingstone (David Livingstone) deep into the African jungle in 1871 after a 6 month expedition with 200 men through unknown territory.

Today it’s much easier to find people. Mobile phone use, credit card transactions and tweet positions leads the way, unless of course you really, really don’t want to be found as it was with Osama bin Mohammed bin Awad bin Laden.

One of the biggest issues in data quality is real world alignment of the data registered about persons. As told in the post out Out of Africa there are some issues in the way we handle such data, as:

  • Cultural diversity: Names, addresses, national ID’s and other basic attributes are formatted differently country by country and in some degree within countries. Most data models with a person entity are build on the format(s) of the country where it is designed.
  • Intended purpose of use: Person master data are often stored in tables made for specific purposes like a customer table, a subscriber table a contact table and so on. Therefore the data identifying the individual is directly linked with attributes describing a specific role of that individual.
  • “Impersonal” use: Person data is often stored in the same table as other party master types as business entities, projects, households et cetera.

Besides that I have found that many organizations don’t use the sources available today in getting data quality right when it comes to contact data.

It’s not that I suggest actually hacking into mobile phone use logs and so. There are a lot of sources not compromising with privacy that let you exploit external reference data as explained in the post Beyond Address Validation.

Bookmark and Share

Hierarchy Management in Social MDM

Hierarchy management is a core feature in master data management (MDM). When it comes to integrating social data and social network profiles into MDM, hierarchy management will be very important too.

Aggregated Level of Social MDM in B2C

The primarily privacy related challenges of social MDM not at least within business-to-consumer (B2C) have been a topic of a lot of blogging lately.  Examples are:

One way of overcoming the privacy considerations is linking to social data and social network profiles at an aggregate level.

Using aggregate level linking is already well known in direct marketing with the use of demographic stereotypes. These stereotypes are based on groups of consumers often defined by their address and/or their age. Combining this knowledge with product master data was examined in the post Customer Product Matrix Management.

Social MDM will add new dimensions to this way of using hierarchies in master data and linking the data across multiple channels without the need to uniquely identify a real world person in every aspect.

Contact Level Social MDM in B2B

As discussed in the post Business Contact Reference Data social network profiles has lot to offer within mastering business-to-business (B2B) contact data.

While access to external reference data at the account level has been around for many years by having available public and commercial (and even open) business directories, the problem of identifying and maintain correct and timely data about the contacts at these accounts has been huge.

Integrating with social networks can help here and social networks are actually also integrating more and more with the traditional business directories. LinkedIn has business directory links for larger companies today and lately I noticed a new professional social network called CompanyBook that is based on linking your profile to a (complete) business directory. By the way: The business directory data available in CompanyBook is surprisingly deep, for example revenue data is free for you to grab.

When it comes to contact data they are basically maintained out there by you. A service like LinkedIn is often described as a recruitment service. In my eyes it is a lot more than that. It is along with similar services a goldmine (within a minefield) for getting MDM within B2B done much better.

Bookmark and Share