GDPR profile stores

GDPR profile stores

While GDPR will significantly impact key aspects of your business, it also reveals opportunities for success

How to connect with your customer: GDPR & profile stores

The General Data Protection Regulation or GDPR is a set of privacy rules enforceable within the EU as of 25 May 2018. They are designed to protect personal data provided by employees, customers and suppliers by granting increased rights to data subjects. Profile stores, which centralize customer data usually scattered across the organization, make it easier for companies to comply with GDPR, while also enabling them to offer an omnichannel experience.

In our data-obsessed times, privacy is a hot topic more than ever. For companies, however, having access to customer data is essential to providing customized experiences. But where do we draw the line? What personal data can we request for marketing purposes, and how should we go about it? These and many other questions are answered in the General Data Protection Regulation (GDPR). And while the answers will significantly impact key aspects of your entire business – from IT to organizational structure – they also reveal opportunities for success.


GDPR distinguishes between three roles:

  • The data subject: a natural person whose personal data is processed by a controller or processor.
  • The data processor: the entity that processes the data on behalf of the controller.
  • The data controller: the entity that determines the purpose, conditions and means of personal data processing and use.

Key changes

A couple of the most important changes in GDPR are:

  • The right of the data subject to be forgotten, the right to rectify information, and the right of data portability (e.g. transferring your personal data to another company).

  • Companies will have to keep a detailed record of all processing activities: which data is recorded, with whom it is shared, and what safety precautions have been taken.

  • Furthermore, they will have to offer full transparency and accountability in order to be able to respect the data subject rights mentioned above.

  • In case of a data breach, companies will have to notify the supervisory authorities and the affected individuals within 72 hours.

Non-compliance to GDPR can result in fines of up to EUR 20 million or 4% of the annual turnover – whichever is higher. In short, GDPR will have a major impact on most companies. It will require them to rethink their corporate structures, customer strategies and IT architectures.

GDPR is also a strategic opportunity: it levels the playing field and offers a simple set of rules for customer data

Profile stores and strategic opportunity

There is no reason to despair, because the stringent rules that come with GDPR actually offer a major opportunity as well. Most companies these days find it challenging to communicate clearly with customers. GDPR levels the playing field and offers a (relatively) simple set of rules companies can follow to clean up customer information and make it accessible. In this way, it makes it easier for businesses to cover the basics of setting up a successful omnichannel customer strategy.

A way of ensuring that customer information is up-to-date and centralized for easy access is through profile stores. In many companies, customer data is still scattered across different departments, namely sales, marketing, and customer service. This makes it difficult to be transparent about which customer data you have and how it is used, let alone ensuring customers their ‘right to be forgotten’. Profile stores, which are often cloud-based, offer not just a 360-view of the customer, but also make it easier to comply with GDPR.

Change management

The biggest risk of non-compliance with GDPR isn’t technology, however, but people. No matter how safe your system is, if employees with access (processors) don’t handle data correctly, all efforts will have been in vain. That’s why, in addition to adapting your technological architecture to the new rules, it’s also important to create awareness and provide end-user training for any new guidelines or applications.

Make your tech landscape GDPR-ready

At delaware, we deploy a 7-step methodology to make your company GDPR-ready. Our team of experts boasts the most up-to-date knowledge and has a strong background in privacy regulation. The goal is to develop the most sustainable solution for your company that embeds privacy into its fabric and existing tools. Our biggest advantage? We’re not tied to a specific solution, but are dedicated to developing a tailor-made solution based on your existing tech landscape.

How we can help you

  • Create awareness through workshops, business games and quick scans
  • Define improvement programs and offer vision, strategy and roadmaps
  • Execute transformation at your company
  • Build your business process architecture, monitor it, and train your people

Why choose delaware?

  • We offer a structured approach
  • We offer end-to-end solutions
  • We collaborate closely with your team
  • We have 15 years of experience in business transformation in numerous industries

Related content