A crowd of people cross a busy intersection with simulated face scans across each anonymous face.

How to Choose the Right Customer Data Platform (CDP) for Data Protection & Privacy Challenges

Cory Underwood
CIPT, CIPP/US, Analytics Engineer
Feb 25, 2021

Choosing a Customer Data Platform (CDP) in this ecosystem of rapidly shifting privacy regulations can be challenging. Here are three things to consider when choosing the right CDP for your business.

A Customer Data Platform is software that integrates, harmonizes, and unifies your customer data, turning it into a strategic asset and enabling you to create more compelling and relevant customer experiences.

A Customer Data Platform can almost seem like a magical way for companies to store and utilize customer data based on the volumes of marketing material out there. However,  there are challenges to selecting the right CDP in the age of privacy because it needs to serve your marketing needs and meet privacy regulations. You’ll need to investigate several critical features of potential CDPs before signing that contract.

Let’s take a look at three common use cases imposed by recent privacy regulations. For each of these use cases, evaluate a given CDP’s capabilities based on how easy or difficult it is for the platform to comply. This evaluation is important, as some privacy regulations dictate—by law—that turnaround must happen within a specific number of days. In short, learn the regulations and ensure your CDP sets you up for success and compliance.

1: The Right of Disclosure

Various laws, ranging from the California Consumer Protection Act (CCPA) to Europe’s General Data Protection Regulation (GDPR), legally require that you be able to provide a collection of all data you have on the user upon verifiable request.

A CDP can be a lifesaver here, assuming the source system (website, point of sale system, call center, etc.) sends user information to the CDP in the first place.  It’s much easier to export the required information from a single system (or platform) than to mix several extracts. So, when considering a CDP in light of privacy regulations,  it’s imperative to select a CDP that allows easy extraction of data into various formats. The CDP should be able to extract the data in totality (all data ever recorded) or in a specific time range because both use cases apply in different scenarios.

2: The Right of Deletion

Various laws (such as the CCPA and GDPR mentioned above) also allow the consumer to delete all information (this does not apply to specific information needed for other purposes, such as a record of gun sales, for example).  So, the CDP should have the mechanics to flag specific fields as persistent.  All other data, upon verification, should be subject to deletion, removing them from the CDP database.  We recommend keeping an audit log of this transaction style to provide evidence, should a court ask,  that you completed the request.

3: The Ability to Opt-Out

Some laws (such as the CCPA) require that the user have the ability to request opting out of the sale of their personal information. With the CPRA law (pending in 2023), this will extend to the sharing of data as well.  If Kate wants to opt out, the site must respect that.

This means that the CDP selected should have a flag that can be updated to filter the automated extracts of data sent downstream to other partners (such as the marketing email program) to remove the data in question. This selective data removal can be tricky because some systems need the ability to email the user (such as in account service situations). So, it requires proper planning to set up and configure the CDP to have a marketing and non-marketing understanding of the user.

There may be more requirements than above that apply to your specific situation. Search Discovery can help you both uncover and resolve privacy challenges related to selecting or enhancing your CDP.

Selecting a CDP need not be stressful. We're here to help!  

Cory Underwood
CIPT, CIPP/US, Analytics Engineer

Cory Underwood is a certified data, analytics, and security expert with more than a decade of experience leading strategies across website development, optimization, and data compliance. As Senior Lead Analytics Engineer at Further, he develops security and privacy strategies for both the internal team and our clients. Cory is dedicated to teaching others the value of data through his blog and numerous speaking engagements. In his free time, Cory can be found playing video games, cooking delicious BBQ meals, or practicing his woodworking.


Read More Insights From Our Team

View All

Take your company further. Unlock the power of data-driven decisions.

Go Further Today