Why a single customer view (SCV) is important for PoPIA compliance
A single customer view links all information you hold about a customer – including contact information, demographics, risk data, regulatory data and business activities. Whilst we talk here about customer, in the case of PoPIA we may similarly create a single view of suppliers and employees.
The complexity of modern businesses means that the old goal – a single record per customer – is probably unattainable. Big companies may literally hold customer data across thousands of differing systems, each with their own variations and uses. Even small businesses may hold customer data across multiple systems – including a CRM, a billing or accounting platform, email platforms, marketing systems, BI solutions and the like.
Modern master data management solutions leverage technologies such as virtualisation and
A metadata management capability is useful to map customer data and its uses across multiple systems. However, this still leaves businesses with challenges in accessing and updating customer data.
PoPIA and the SCV
PoPIA brings a new set of challenges that are near to impossible to meet without an accurate customer view.
These include:
- Section 16 Quality of information
- A responsible party must take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary.
- In taking the steps referred to in subsection (1), the responsible party must have regard to the purpose for which personal information is collected or further processed.
Again, maintaining customer data quality across multiple systems and environments can be difficult. An SCV provides a single reference centre to monitor and enhance data quality. An SCV may even be used to provide customers with a portal to update and maintain their own data, saving on operational costs and improving the customer experience.
- Section 23 Access to Personal information
-
- A data subject, having provided adequate proof of identity, has the right to
-
-
- request a responsible party to confirm, free of charge, whether or not the responsible party holds personal information about the data subject; and
- request from a responsible party the record or a description of the personal information about the data subject held by the responsible party, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information—
- within a reasonable time;
- at a prescribed fee, if any;
- in a reasonable manner and format; and
- in a form that is generally understandable.
-
-
- A data subject, having provided adequate proof of identity, has the right to
Without an accurate SCV it can be next to impossible for companies to comply with this provision, and to prove that they have done so. The SCV should provide a single interface to reference all data held about a customer and provide a reference to prove full disclosure as requested.
-
- If, in response to a request in terms of subsection (1), personal information is communicated to a data subject, the data subject must be advised of the right in terms of section 24 to request the correction of information.
Similarly, the SCV can provide a single point of entry to update customer data across multiple target systems. The SCV not only simplifies maintenance of data, it also helps to ensure consistency of data across the enterprise.
- Section 69 Direct marketing by means of unsolicited electronic communications
- The processing of personal information of a data subject for the purpose of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail is prohibited unless the data subject—
- has given his, her or its consent to the processing; or
- is, subject to subsection (3), a customer of the responsible party.
If you’re relying on customer consent for any aspect of your business, then you need to be able to prove how and when each customer gave that consent. It’s not enough to just assume that they opted in at some point in the past.
You can even put the customer in full control of the messages they receive by setting up a Permissions Centre, allowing your customers to manage their own preferences. A permissions centre improves the customer experience whilst reducing operational costs.
A SCV ensures that customer permissions and preferences are maintained across systems and business units, ensuring compliance and proof of same.
- Section 71 Automated decision making
- Subject to subsection (2), a data subject may not be subject to a decision which results in legal consequences for him, her or it, or which affects him, her or it to a substantial degree, which is based solely on the basis of the automated processing of personal information intended to provide a profile of such person including his or her performance at work, or his, her or its credit worthiness, reliability, location, health, personal preferences or conduct.
- The provisions of subsection (1) do not apply if the decision—
- has been taken in connection with the conclusion or execution of a contract, and—
- the request of the data subject in terms of the contract has been met; or
- appropriate measures have been taken to protect the data subject’s legitimate interests; or
- is governed by a law or code of conduct in which appropriate measures are specified for protecting the legitimate interests of data subjects.
- has been taken in connection with the conclusion or execution of a contract, and—
- The appropriate measures, referred to in subsection (2)(a)(ii), must—
- provide an opportunity for a data subject to make representations about a decision referred to in subsection (1); and
- require a responsible party to provide a data subject with sufficient information about the underlying logic of the automated processing of the information relating to him or her to enable him or her to make representations in terms of paragraph (a).
The single customer view can help to ensure that automated decision making solutions are working with the most accurate data possible, and help to provide the data subject with an understanding of how the decision was made, and what data supported it.
What to look for in a SCV solution
SCV solutions have come a long way since their debut nearly 20 years ago.
Some of the key factors you should consider include:
- Flexible deployment options – on-premise or in the cloud.
- Flexible options to connect data across siloes – including data virtualisation – to deploy rapidly
- Start small and add without worrying about scalability, design or performance.
- Leverage NoSQL technologies to rapidly add data from different data sets without worrying about data modelling.
For more information click here.