We’ve been talking about GDPR a lot here at DMN, and we’ll continue to do so. The regulation, which becomes law on May 25 this year, will affect North American-based businesses in ways foreseeable and unforeseeable. I wanted to give SAP Hybris a voice in the discussion, because of the deep European roots of the business.
But that’s not the only valuable perspective Hybris brings. It also brings the customer identity smarts of Gigya, which joined the SAP stable in September 2017. I spoke with Patrick Salyer, Gigya’s long time CEO.
“There’s an over-arching mega-trends that GDPR is part of,” Salyer said. “Consumers want a great customer experience — we get that — but consumers want it done the right way. They’re tired of creepy experiences where they don’t know what’s happening to their data, or if they’re being tracked without their knowledge. There’s a real push back, and a demand for transparency and control.”
Three new solutions make up the Gigya-driven response to this new environment: Identity, Consent, and Profile.
“It really begins with SAP Hybris identity,” Salyer explained. “As a starting point, you need to know who someone is.” This means deterministic self-identification, through authentication or registration (for example via social log in or Touch ID). Second, and described by Salyer as “the core” of the GDPR offering, is SAP Hybris Consent. “You need to get [user] permission to access their information and market to them, and to give them control and transparency around that.”
For brands, that means managing terms of service to consumers, tied to privacy policy, and getting re-consent when terms of service change. It also means giving users controls to opt into “certain marketing or personalization efforts,” and to view, delete, or export their profiles. Adding complexity, some brands will need to manage these processes consistently across hundreds of web pages and apps. They’ll also be compelled to go back over historic data to see what existing customers have consented to.
Finally, there’s the obligation to manage the profile itself, a particularly sharp challenge given the plethora of downstream marketing and sales applications which need to not only access data about an individual consumer, but understand what permissions they have — or don’t have — to use that data. “A really simple email marketing tool usually has its own storage of customer data, but does it know if it has the latest data? Does it have the right to email that user, once a week or once a month? You really need to store the information at a central location — and that is Profile.”
Given Gigya’s core competency in customer identity management, I wondered if the SAP acquisition had GDPR or similar regulatory regimes in mind. “I think SAP in general is a company which knows the importance of trusted relationships. I also think it’s a privacy-minded brand when it comes to software, especially given its European roots. They’ve understood this trend for a long time; they saw the importance of GDPR compliance coming on the horizon. For us at Gigya, it just made a fantastic fit.”
As I reported from the SAP Hybris Global Summit last year, the reaction of European brands to the approach of GDPR seemed much more positive than that of their North American counter-parts. Marketers seemed to relish the promise of clean, reliable, permission-based personal data. Salyer agreed. “I’m hearing that more and more from our customers and prospects. To be honest, you’re starting to see a shift in the last six months that it’s not just in Europe. Others are catching on, specifically in North America. For the last ten years we’ve driven personalization, but we’ve done it by using data without permission; and that data is really, really inaccurate. It just is.”