There’s a lot of buzz these days about data privacy and data quality. And rightly so: the push for tighter regulations around how companies gather, store, and use data has picked up steam in recent years across the entire globe.
This has resulted in a significant amount of new and updated legislation in the EU (for example, the General Data Protection Regulation and additional guidance around the EU ePrivacy Directives) and within the United States (with new laws passed in California, Colorado, and Virginia)—and this new legislation is changing the data game.
A great deal of focus has been on consumer consent, but that’s only half the story. The same laws that cover consent also focus on how companies can collect, integrate, and use data. The problem? If you don’t understand and adapt to the new regulations, your data quality will be negatively affected. And that, in turn, will have a big impact on your ability to gain insight about your customers, market to your core audience, and achieve overall business goals.
The good news, though, is once you understand the new regulations, you can define a strategy to collect and use the data you need in a compliant way. To help with that, let’s look at how regulations have changed, and then I’ll walk you through how to adapt in three core areas—people, platforms, and processes—so you can ensure your data quality remains strong.
Third-Party versus First-Party Data
One of the biggest changes to come out of the new regulations relates to how companies can acquire data to better understand their consumers. In the past, organizations could rely on or supplement their data sets by purchasing third-party data or by leaning on third-party partners to help them collect data.
Not so anymore. The impending death of third-party cookies inhibits the technical means to integrate third-party data, while the new regulations remove the legal basis for doing so.
As a result, companies are being forced to pivot to collecting, integrating, and activating first-party data. Because companies can no longer turn to third-party vendors if the data they collect themselves is bad, data quality is more important than ever.
Bottom line: the first-party data companies collect and use must be complete and accurate across all of that organization’s digital properties. There is no longer the safety net that third-party data once provided. Your first-party data practices will either be a core source of competitive advantage or your biggest liability.
The Two Components of Data Quality
If you (or your company) are more nascent in your digital transformation journey, it can be easy to feel a little overwhelmed when approaching your data collection architecture. What makes data “high quality?” And how can you ensure data quality while maintaining compliance with the new regulations?
First things first. High quality, robust data needs to be two things: complete AND compliant. To understand why completeness and compliance are so important, consider that many of the current privacy regulations describe the need for “purpose specification” and “data minimization.”
Purpose specification essentially means that for any kind of collection of user data or personal information, the specific purpose for which it is being collected and used needs to be defined and transparent to your users. Furthermore, how you process that data is limited to those specific purposes.
Data minimization refers to the requirement that the personal data you can collect and process is limited to that which is absolutely necessary to accomplish the purpose for which it is being collected. In other words, the days when you can collect as much data as you want—and figure out how to use it later—are over.
You Need a Strategy for Your Data
Because you can no longer haphazardly collect as much data as possible, then decide how you’re going to use it later, it is critical to have a strategy. Without one, you run the risk of being left with incomplete data or falling out of compliance with the regulations.
To build your strategy, start by outlining your strategic business objectives. Once you have defined your purpose, figure out what data you need to achieve those outcomes. It is important to limit the data collection to that which is absolutely necessary to achieve your stated purpose. Then, make sure your data activities, from collection through operations, analysis, and segmentation are within the scope of those objectives.
By taking these steps to build your strategy, you help ensure the data you collect is complete. And, because you have verified that what you’re doing with the data is solely focused on achieving your strategic outcomes, you mitigate the risk of falling out of compliance.
There’s no getting around the fact that these regulations limit the amount of third-party data you can integrate or the proportion of users you can collect data from. That’s why it’s so important to create a solid foundation and strategy for what data you’re going to collect, and why it’s vital you shift your budget and your focus from third-party data to making the most of first-party data.
Shifting the Focus of Data Collection and Management
At this point, you’re probably wondering how to start collecting and using first-party data in an efficient, cost-effective, and compliant way. The key is to focus on three important areas: people, platforms, and processes.
Collecting and managing data (especially in terms of optimizing compliance and quality) has to become a cross-functional task across multiple levels of the organization. In the past, that role was generally owned by the analytics team, or maybe even the engineering team. Now, the number of people and teams involved should be much broader.
For optimal results, your marketers, compliance teams, analysts, and engineers should work together to identify the strategic objectives, then translate those down to the granular operations needed to achieve them. That way, the objectives get achieved, and the necessary privacy, compliance, and quality principles are maintained.
You should also take the time to evaluate the platforms you are using to observe user behavior on your digital properties, whether that’s to measure conversion, create audiences, or optimize campaigns. Define the platforms necessary for your goals (Google Analytics, Adobe Analytics, and so on), then expand out to other platforms (such as Google Ads, Facebook, CDPs, etc) as needed. It is important to limit the platforms in use to those which are absolutely necessary to achieve your business outcomes to limit the compliance risk.
Updating Your Data Processes
Of course, it’s not enough to just update roles and data platforms. You also need to look at your processes. Start by ensuring the processes you have in place allow you to remain compliant with the purpose specification and data minimization requirements.
A big part of this is reviewing any vendor you might be considering to help you collect and manage your first-party data. If you’re planning to use their software and/or hire them as consultants, it’s vital they understand your strategic business outcomes. That way, they can ensure those objectives are folded into the software’s overall architecture, so you get maximum value out of each engagement while minimizing the data collection to only what is necessary.
Once you’ve approved your new vendor and gone through onboarding, set up processes around how your different platforms are implemented and managed. Otherwise, there’s a high risk you won’t have complete data collection, or the data you do get won’t allow you to accomplish your objectives.
And, even if you do happen to get the data you want, without processes, it’s likely that what you collect will run afoul of the requirements for minimization under the purpose limitations. So, making sure your processes are solid, then testing them with your platforms to make sure everything is working properly, is critical to your overall success.
Finally, you need to implement ongoing monitoring processes. Things change on websites constantly: new platforms are introduced, there are modifications to the user experience, and new content and pages are added. Without continuous monitoring, you’ll have gaps in data collection and issues with data accuracy.
There Are Tools That Can Help
The recent regulatory changes have created a need for companies across all industries to shift their data collection and management practices. However, if you focus on identifying your strategic business outcomes first, then pivot your people, platforms, and processes to support those objectives, you’ll be able to get the data you need while remaining compliant.
There are tools out there that can help streamline your efforts. Tag Inspector, for example, can seamlessly audit and monitor the data collection architecture on your site, from where data is being sent to what data is being collected and processed by the different platforms you’re using.
Software like Tag Inspector can make adhering to today’s stricter data regulations much easier, while at the same time helping you ensure the level of data quality you need to excel in the marketplace. When used in conjunction with the foundational principles discussed here—especially people, platforms, and processes—it can help ensure your success in the new privacy-centric environment.
Interested in learning more? Contact us to discuss the first steps on your journey to a complete and compliant first-party data architecture.