×

How to Mitigate the Risk of Data Breaches Caused by Third Parties

Despite its limitations, third-party data is widely used by marketers to enhance the reach of campaigns and improve targeting, largely in conjunction with first-party data. With GDPR coming into effect in May this year, marketers are scrutinising the ways in which their third-party data providers collect and process data to ensure compliance. One of the cornerstones underpinning the GDPR, writes Ken Leren (pictured below), founder and CEO, Tech Essence, exclusively for ExchangeWire, is the universal requirement to obtain opt-in permission and be transparent about the way they use consumers’ personal data when doing so.

Under the new legislation, brands and third-parties are both responsible for compliance. If the brand (data controller) has explicitly given instructions to the third party (data processor), as well as carried out rigorous third-party compliance audits, then there's nothing to be afraid of.

In order for brands to sleep well at night, they need to make sure they work with compliant data suppliers and ensure third parties remain compliant.

Too many cooks spoil the broth

Ken Leren, CEO & Founder, Tech Essence

However, with many companies relying on multiple sources of third-party data, the challenge is not so much how to ensure compliance, but how to implement a streamlined and transparent approach to mitigating third-party risks and monitoring compliance at scale.

The benefit of third-party advertising is the speed and cost at which new customers can be found. However, no amount of new customers can offset the potential fines and reputational damage that non-compliance could yield.

Consider the following common scenario: in order to drive website traffic and acquire new customers, a brand partners with a third party, such as a DMP, that can identify lookalike audiences based on existing customer profiles. The brand then runs an email marketing campaign targeted to the audience provided by the third party.

The brand that has run that email marketing campaign to the new audience provided by the third party has no control over how the third party used consumers’ data or the third party’s ability to act in a compliant way in the face of a data breach. Put simply, the brand is reliant on the third party to have gained opt-in consent from the consumers to whom the emails have been sent.

However, because the brand has controlled the delivery of the email marketing campaign, it is the brand’s responsibility to ensure that the third-party data provider has gained first-party consent and are reliable custodians of customers’ personal data. This requires manual management and audits of third-party data suppliers on an ongoing basis, which is resource-intensive.

Remove the middlemen

The solution is to leverage the scale of third-party providers, but take ownership of the opt-in process, essentially removing the middlemen. Brands can do this by collecting first-party data transparently on third-party websites by offering voluntary user registration, thus generating their own database of first-party opt-ins.

Sounds simple, but now imagine you have 500 third-party providers. Taking ownership is simple, but it's still time consuming.

Furthermore, to make sense of first- and third-party audience data, and resulting performance, requires a single customer view. Creating this single customer view, when using multiple marketing channels, is both time consuming and expensive to create from disparate data sources.

Centralising the supply chain ensures that all third-party data flows through a single system that is compliant by design. In addition, cross-channel marketing automation saves time on campaign execution, data analysis, and reporting whilst providing deep insight into customer behaviour and performance that allows for rapid, precise campaign optimisation and, ultimately, better ROI.

There are also other benefits to centralising your supply chain and taking control of consumer consent for marketing campaigns. A clear line of communication with consumers about how your brand will use their data builds customer confidence, forging a reputation of integrity, reliability, and credibility which, ultimately, makes your brand and products more attractive to consumers and sustains customer loyalty.

What does the future hold?

In the year following the launch of the GDPR, we will see the marketing industry mature as ensuring and maintaining compliance with the new legislation becomes routine. As with many other advances we’ve seen over the past decade (marketing automation, programmatic, attribution, mobile, etc.) technology will play a vital role in the development of processes and optimisation.

Technology companies have already started to, and will continue to, build automated due diligence functionality that sits alongside media planning and buying functionality. Automation will bring time savings and will reduce the risk of human error, which is a good thing for marketers.

One final thing to keep in mind: automation will not remove responsibility, brands will always need keep this in mind when considering bringing any new technology into their marketing stack.