Satisfying GDPR with Enterprise Information Management technology

In the lead up to 25th May, enterprise compliance teams across the UK have scrambled to understand the requirements of GDPR and implement processes and solutions to achieve compliance.

Gaining access to all the sources of customer data you have and the ability to consolidate and standardise that information will be crucial. GDPR isn’t just about the data you have, it’s about what that data reveals about customers.

GDPR compliance also requires that an organisation can dispose of data responsibly securely. Enterprise Information Management (EIM) tools are important in achieving this. EIM gives you classification and tracking tools that allow safe and validated deletion of information assets you have no authority to hold and allows you to extend these capabilities to all data repositories.

In many organisations data is spread across different systems and is subject to different rules and controls. An EIM platform enables businesses to store and manage all of the unstructured information throughout the organisation, making it easier to understand the data, comply with GPDR and enforce global policies, such as promptly deleting any personal data collected for a one-off or time limited use.

EIM’s capabilities will also be important to satisfying GDPR’s mandates for Personally Identifiable Information (PII — a customer’s name, email, photo, their IP address, or any other data point that could be used to identify them).  Everything is on the table.

Shifting the corporate mindset around data

GDPR has landed with the full force of the law across all EU member states. It applies to the personal data of EU citizens regardless of where it is collected or stored. If your organisation collects data from EU citizens, you will have to follow GDPR rules – even if you don’t have an office or legal entity in the EU

For many that will require a shift in mindset and approach to customer data. Most businesses aim for data maximisation, collecting as much information about customers as possible and then extracting maximum value from it by reusing data in multiple campaigns or even selling it to a third party.

One of the core principles of GDPR is data minimisation: collecting only the smallest amount of personal data for the shortest period of time possible and deleting it as quickly as possible after its specific purpose is completed.

How can businesses reconcile what seem to be polar opposites in the use and objectives for customer information? Is all outbound marketing about to come to an end?

Using EIM to achieve compliance can streamline processes and reveal efficiencies

With EIM tools, GDPR compliance could be the impetus many organisations need to harmonise all the customer information they have on company systems in one repository.

Compliance will actually create a basis for achieving the marketing holy grail of ‘single customer view.’ In the past, this meant bringing all the information an organisation held on a customer into one comprehensive file. Under GDPR it requires a complete 360-degree view of all individuals who interact with your company, and all the touch points they use to do so.

Gathering all the information you have on each individual enables businesses to see customers holistically, from all the touchpoints they have with the company and brand. Being able to examine common traits between data sets means gaining much greater insight into customer behaviour.

The challenge of GDPR is to unify large amounts of PII data from multiple formats and sources. To gain end-to-end visibility of personal data on any individual you will need to bring together structured data such as product and service information from multiple systems within the organisation and beyond.

Companies will also have to collate unstructured data like web registrations; social media interactions; website behaviours like click throughs; and communications with your organisation via email, fax (yes fax), call centre audio tapes, or mobile app usage.

Only Enterprise Information Management (EIM) can achieve this.

Complexity – and opportunity

To comply with GDPR, enterprises need to look at all the ways they use and process personal data. GDPR is arguably the most far-reaching piece of data protection legislation ever drafted. Achieving compliance will be hard work, but the end result will be a template for bringing together all company information you have about each individual.

The end result will be a single customer view that eliminates any uncertainty about the data you have in the event of an audit, while also vastly improving your understanding of customer preferences and behaviour – in short, a more effective arsenal of data.

Being compliant with GDPR is also an opportunity to focus on the business processes, while providing a seamless experience for users of information systems that can improve productivity.

To achieve this, large organisations in particular will need to consider some type of Enterprise Information Management (EIM) solution. This can allow visibility of all information that is being created, processed, stored and shared – in whatever format.

EIM combines tools like machine learning, pattern identification and entity extraction with data visualisations, keywords and metadata filters to help legal and compliance teams identify any PII-carrying data. All of this is guided by a document review workflow that has been tested through legal projects and layered security, for example, by adding auto-classification capabilities that may reduce the burden of manual work to accomplish a desired classification threshold.

By delivering transparency of all personal data in the enterprise, EIM can help build customer loyalty and increase revenue by better understanding and managing customer interactions. The broad enablement of single customer view may turn out to be GDPR’s most lasting business legacy.


By Kirit Patel, Regional Managing Director, EOH

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.