Neil Davey is the managing editor of MyCustomer. An experienced business journalist and editor, Neil has worked on a variety of newspapers, magazines and websites over the past 15 years, including Internet Works, CXO magazine and Business Management. He joined Sift Media in 2007.
Thanks for your thoughts, Steven. I guess one of the challenges for CX teams/programmes/leaders, is to have enough autonomy to be able to - for instance - define what its own function is, rather than having its purpose dictated by the CEO/CMO/etc. But can they get that autonomy until they've followed and delivered on these company expectations in the first place? Bit of a chicken and egg scenario perhaps?
There's no mention of pseudonymous data there, however.
My understanding is that personal data that has been pseudonymised can fall within the scope of the GDPR
depending on whether the party holding it has access to the key, plus how difficult it is to attribute the
pseudonym to a particular individual.
Hi Michael, I've found nothing more on this to date. I will update here if I find/hear anything that contradicts my original response, though. Thanks Michael.
Thanks for your query. My understanding here is that the organisation should be clear in its privacy terms/statement how it will use customer data, and as part of this it should confirm if it will retain a record of deletion (which may include an email address). Similarly, it should be stated if an unsubscribe from a newsletter is recorded and retained.
But even these records of deletion should probably be deleted after a certain amount of time.
I will try to look into this further and should I find anything more to this, I'll post here.
It's a good question, Phil. I'll look into this for you to try and get some clarity on this. I *believe* that you only need to confirm that that their request for erasure has been complied with, rather than provide them with all the information you held on them, as you would need to do if you received a subject access request (https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...).
In short, it appears that you can keep some details, in order to prove that a transaction/relationship existed. The example being that you may need to keep some customer details (i.e. their order details) in event that there could be a complaint that you need to deal with.
My answers
Thanks for your thoughts, Steven. I guess one of the challenges for CX teams/programmes/leaders, is to have enough autonomy to be able to - for instance - define what its own function is, rather than having its purpose dictated by the CEO/CMO/etc. But can they get that autonomy until they've followed and delivered on these company expectations in the first place? Bit of a chicken and egg scenario perhaps?
Thanks Gangadhar - I hope you have a great 2020!
Hi Ralph, you can find more information here: https://hire.withgoogle.com/public/jobs/zegocom/view/P_AAAAABlAAByKvdNus...
Thanks
Hi Rajeev, you can find it as part of the series, and also here directly:
https://www.mycustomer.com/resources/cem-maturity-model-a-framework-for-...
Thanks Rajeev.
Interesting stat, Jamie. Could you possibly share the source? Would be interested in quoting this in forthcoming work. Thanks Jamie.
Hi Umran,
The ICO's recommendations on this can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...
There's no mention of pseudonymous data there, however.
My understanding is that personal data that has been pseudonymised can fall within the scope of the GDPR
depending on whether the party holding it has access to the key, plus how difficult it is to attribute the
pseudonym to a particular individual.
The ICO's official line on pseudonymised data can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...
Thanks
Hi Michael, I've found nothing more on this to date. I will update here if I find/hear anything that contradicts my original response, though. Thanks Michael.
Hi Michael,
Thanks for your query. My understanding here is that the organisation should be clear in its privacy terms/statement how it will use customer data, and as part of this it should confirm if it will retain a record of deletion (which may include an email address). Similarly, it should be stated if an unsubscribe from a newsletter is recorded and retained.
But even these records of deletion should probably be deleted after a certain amount of time.
I will try to look into this further and should I find anything more to this, I'll post here.
It's a good question, Phil. I'll look into this for you to try and get some clarity on this. I *believe* that you only need to confirm that that their request for erasure has been complied with, rather than provide them with all the information you held on them, as you would need to do if you received a subject access request (https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...).
Hi Nick, your query should be answered here:
https://ico.org.uk/for-organisations/guide-to-data-protection/principle-...
In short, it appears that you can keep some details, in order to prove that a transaction/relationship existed. The example being that you may need to keep some customer details (i.e. their order details) in event that there could be a complaint that you need to deal with.