The Impact of GDPR on Digital Transformation Projects

There’s been a lot of noise about GDPR recently and this week it even got top story coverage across a number of news websites.


Last month’s revelation that Weatherspoons had deleted its entire customer database was symptomatic of many British businesses who have been capturing customer data in a haphazard way for years. You have to have sympathy for organisations like Weatherspoons. The shift to digital comms and the competition to gather customer details has logically led to the mass adoption of lots of different bits of technology. Frequently individual departments have no idea that more than one set of customer records exist.

One of the things I’ve enjoyed most in my career so far has been that I’ve seen a lot of organisations go through successful Digital Transformations. This article explores how GDPR will impact on the planning and successful delivery of these projects.

Is RACI still applicable?

Responsible, Accountable, Consulted and Informed. A mantra on most of the digital transformation projects I’ve been involved with.


What makes digital transformation projects different from bog standard website projects is the number of internal and external stakeholders who are involved in the project process. The reality is that most of the time departments outside of IT and Marketing such as Customer Services, Finance and even Senior Management Teams are kept at arm’s length. Or Consulted and Informed.

Moving forward any review of overarching customer strategy and technology infrastructure will have to consider how customers can be forgotten as much as how we gather information on them in the first place. I still think that RACI is applicable but that project discovery is likely to lead to change requests in internal data handling processes. This is likely to see fewer people kept at arm’s length and more of them being Responsible and Accountable.

What about Web Personalisation, Marketing Automation and Re-targeting?

For organisations adopting personalisation strategies, the current trend has been to use as many data collection points as possible to generate a 360’ view of customers.


It’s unlikely that we will see this practice change as it’s largely driven by customer interaction but having a Single Point of User Data (SPUD) will become more important (If you’re not sure what a SPUD is, check out this webinar by our Customer Success Manager Eddie Ryce). Failing to have a central repository and strategy for gathering customer data will mean a lot of administration going through different systems and deleting records. One area that might be particularly interesting is IP tracking technology which is often kept away from customer CRM records. Sending personalised re-targeting messages based on previous activity could well lead to GDPR infringement.

Also… what happens if a friend of somebody who has asked to be forgotten recommends a piece of content or a product to them? Do we need to have a validation process that shows the customer is on our blacklist? Edge case questions like this are likely to require changes to what we need our SPUD to do for us.

Use of Outlook, Gmail, Etc

For most of the businesses I work with there is a CRM and then there is the contact list that exists in email clients. Staff (including management) are terrible at remembering to put everyone they ever speak to into the CRM system.

Systems like Hubspot which have integrations with mail providers could have a solution for smaller businesses but for larger organisations with multiple brands, this could be problematic (we might want to have two or three records of the same customer and email address for each business area).

I think the reality here is that organisations are going to have to get smarter. It might be that digital transformation projects of the future involve business consultancy in the planning stage to outline GDPR compliant processes. These are likely to either impact or replace existing job functions which will need to be agreed with those people affected. So we might see a widening of people Consulted and Informed as part of the Digital Transformation.

For those of you thinking that this is overkill…. yes having to search through multiple email accounts is laborious but could it really have a commercial impact? Time lost searching through emails has which is of no commercial value but it isn’t normally noticeable on a small scale. A GDPR breach for any organisations with thousands of customers could lead to thousands of requests to remove customer records all deliverable within 7 days. If the average time taken to check and delete these records is 30 minutes rather than 30 seconds that is going to cause major disruption and represent a lot of lost unproductive staff hours.


Fancy a chat?

If you’ve got questions after reading this article please feel free to email our Customer Success Manager – Eddie Ryce

Alternatively, sign up below to our newsletter to receive updates on GDPR and our other digital marketing insights and trends.

Share This

Subscribe to our mailing list