In the era of ubiquitous computing where even your home appliances can contact the service centers and open a maintenance request on your behalf, data of all sorts is getting generated in gargantuan proportions. This might sound like a boon to businesses and marketers as it provides a lot of data and information to be fed into analytics engines and generate valuable insights into most sought after KPIs like customer behavior and loyalty management. However, this boon also comes with significant responsibilities for maintaining the sanctity and privacy of this data which might be personally identifiable information of your customers as well as employees. In the wrong hands it can prove to be very damaging for the customers and in turn to the reputation of the companies who store such data. Regulators and governments have also identified the importance and the risks of such data leaks. Be it instances of customers of financial institutions losing huge amounts or alleged attempts of social engineering, are everyday news.
In such a scenario, the regulations that were created in the past like the Data Protection Directive of 1995 from the European union was created before companies like Google and Facebook came into existence. Law makers and governments soon recognized the fact and brought in new laws like the General Data Protection Regulation (GDPR) as recently as May 2018. If we specifically look at the GDPR, there are some significant enhancements over its predecessor, which includes but is not limited to:
- Transparency of data collection and utilization.
- Easy access for an individual to their data and the right to be forgotten.
- Audit trail to identify how and when a consent was given by an individual.
- Mandatory breach notification
- Independent role of a Data Protection Officer for companies above a certain threshold size and that process personal data.
- Consent of parents for processing a minor’s data
There are hefty fines to the tunes of millions or a significant fraction of a business’s turnover in case it fails to adhere to these provisions. These provisions help to enhance the data protection levels but also increases the challenges for businesses and their marketing teams. In such a scenario the responsibility of the data management and marketing tools increases manifolds.
How SAP C/4 HANA Marketing Cloud address these challenges and help marketers?
As the name suggests, SAP C/4 HANA Marketing cloud is referred to as the fourth generation CX product from SAP and incorporates multiple tools and techniques to address the regulatory challenges. Let’s take a look at some of the important features that make SAP Marketing Cloud one the most attractive solution in regards to resolving above mentioned challenges:
- Marketing Permissions Settings: The permissions settings control whether explicit permission of the contact/individual is required or an implicit permission can be assumed unless the contact opts out of the marketing communications. These permissions can also determine how much and what data can be stored from inbound channels of marketing communication including social media channels. These permission settings are based on the communication direction, country and the communication media used. However, there is a caveat here, these permission settings will be overridden by the explicit opt in/out by the contact/customer. Any unspecific setting is overridden by a specific one. Importantly these explicit permissions can also be imported via CSV uploads or OData services.
Below are the 2 types based on the communication direction:
A. Inbound Marketing Permission settings – These settings allow the business to decide how they listen to the customer data on various communication mediums and the country to which the individual belongs. Below screenshot shows the setting details.
Depending on the country, the communication media used for the inbound communication the permission can be set.
- No value in the permission fields means ‘No Restrictions’ on storing data.
- ‘1’ means contact interaction details can be stored but not the personally identifiable data. This disables any engagement possibilities with the contact but the interaction data can be used for analytics purpose.
- ‘2’ indicates the data cannot be stored in any form at all and has to be discarded.
Below flowchart illustration will further clarify the concept:
B. Outbound Marketing Permissions – These settings allow businesses to validate if an explicit opt-in is required to send marketing communication based on country and communication media. Below screenshot shows the setting details. If ‘type of consent’ is selected as ‘E’ it means explicit opt in is required and ‘I’ implies that implicit permission can be assumed to send communication.
- Subscriptions: Subscriptions allow marketers to store data related to the interests of a contact. A contact/customer can subscribe to newsletters, etc. and receive communication from the company.
- Contact Profile – Permission Marketing Tab: One of the very important point in most of the data regulations is transparency of data collection and audit trail of how and when consent was given. This has been achieved by providing visibility to marketers on the Permission Marketing tab where they can view all the marketing permissions given by the contact/customer as well as all the subscriptions data.Marketers can see if the opt-in was given explicitly or implicitly assumed by switching to the table view in this screen. As seen in the screenshot, the human figure on the opt-in illustrates that its explicit.
- Double Opt-ins: Double opt-in can be enabled to send confirmation emails to a contact/customer when they sign up or sign out of a newsletter/subscription. It can be of two types viz. email opt-in or opt-out and newsletter opt-in or opt-out. Email formats with confirmation links can be created in the in-built content studio. Double opt-ins make the process of gathering and storing data more transparent.
- Global Suppression Rules: By defining these rules, marketers can exclude contacts from communications based on contact’s previous interactions or campaign data. Contacts get excluded from campaign execution if they meet the criteria defined in the suppression rules.
- Communication Category Limit: This feature defined in the communication category setup helps the marketers set limit on the number of times a contact is communicated in a given period of type using that communication media.
Now that we have seen all the components of the marketing permission and opt-ins individually it’s time to summarize and see how these fit in and work together. We will also see where do these features fit into the marketing cycle. Below process flow gives a better idea.
All the enumerated features and their seamless integration makes SAP C/4 HANA Marketing Cloud an ideal option for organizations to manage their end to end marketing needs. In conclusion, I believe, data regulations are going to be more stringent in coming times as newer and advanced threats emerge but with a robust and exhaustive solution like SAP C/4 HANA Marketing Cloud will prove to be a marketer’s first choice.