Back to blog

Customer data platforms: The best choice in the post-GDPR landscape

Customer Data Platform Data management GDPR

Written by

Published August 13, 2020 · Updated April 11, 2024

Customer data platforms: The best choice in the post-GDPR landscape

This blog post was originally published on April 18th 2018 with the title “Customer data platform overtakes DMP in the GDPR compliance race”

Since the GDPR has come into force, navigating through the data ecosystem has become even more complicated. It has a tremendous impact on how organizations handle personal data. Consequently, it has also influenced the way companies use AdTech and MarTech software such as customer data platforms (CDP) and data management platforms (DMP). 

However, this isn’t a death knell for web analytics or digital marketing. Rather, it’s a shift in the sector’s approach to collecting and processing data. It’s a shift that requires you focus on getting the right platform. 

CDP or DMP? It’s a tough decision as they both offer useful functionalities and have their strengths. CDPs win in the current regulatory environment, however. In this post, we’ll show you the big picture of why CDPs yield the best results.

The customer data puzzle  

The goal of the GDPR is to restore control of personal data to users and customers. In  practice, this means that organizations engaged in gathering, storing and processing data about EU citizens have to adjust their policies as well as introduce serious technological changes to be GDPR-compliant. 

Data platform features and flexibility are key. But when it comes to GDPR, it’s even more important to know what kind of data your platform collects and crunches. 

There are many types of data and you need to know how to distinguish them. Each type of data is different and has different implications under the GDPR. 

The most significant and precious kind of information that you obtain directly from website visitors is first-party data. Your organization has complete control over that data. 

That’s also why first-party data is the main fuel for customer data platforms:  data about your customers which comes from your own sources, e.g. analytics software or CRMs. 

 If you want to dive deeper for differences between those types of data, take a look at our post: Why first-party data is the most valuable to marketers.

There’s also second-party data. That’s first-party data which you obtain from another organization (e.g. a company operating in the same space offering complimentary services or products). The information is initially gathered in the form of first-party data, then passed on to another advertiser through a partnership agreement. 

Finally, we have third-party data, which comes from various sources and eventually is sold to you by a third party. This type of data is usually used in DMP.

Data in the GDPR landscape

With the GDPR coming into effect, processing third-party data through cookies without consent became illegal. The regulation requires you to obtain explicit consent for processing personal data. Cookies are almost always a form of personal data. 

But it’s not only laws that are altering the landscape. Users themselves are becoming more aware of the risks they face and they want to take action. In 2018, 45% of customers in the EU declared they would erase their data from an organization that sold or shared it with outsiders. That’s telling evidence that DMPs might soon go the way of the dinosaur. 

In addition, privacy experts emphasize that tracking consent within third-party data relationships is troublesome because of the complex data flows between different entities. Also, although third-party data is often stripped of personally identifiable information (PII), it may still contain personal data, such as a device ID or IP address. 

The GDPR has made these things even tougher by broadening the definition of personal data. Much of the information included in third-party data falls under this definition. 

If you want to delve into the subject of PII and personal data, we recommend reading the post: What is PII, non-PII and personal data?

The trouble is that the third party doesn’t have a direct relationship with the person whose data is being collected. The question is about how to get consent. Under the GDPR you need to obtain direct and unambiguous consent from your customers in order to share their data with any third party or if you use data you bought from a third party. But this process becomes problematic since users have a choice, so it’s unlikely they’ll give consent in most cases. 

Furthermore, the GDPR introduces enhanced data subject rights, to data access, rectification, erasure and portability, among others. Respecting these rights with purchased third-party data becomes even more burdensome. 

Finally, the GDPR doesn’t have a “grandfather” clause, so third-party data gathered before May 2018 without GDPR-compliant consent becomes worthless. You are simply not allowed to use it.


Free comparison of 7 enterprise-ready customer data platforms

Get to know over 50 key differences to determine which platform fits your business needs best: Tealium, Amplitude, Exponea, mapp, Segment, mParticle or Piwik PRO.

Data management platforms vs. the GDPR

With the differences between these types of data explained, it’s time to talk about other technical aspects of CDPs and DMPs. Both come in handy for marketers by providing them with customer insights, but they work on different principles and offer different functionalities. Let’s start with the implications of using DMPs. 

DMPs were designed around the programmatic advertising ecosystem. Their job is to collect, classify, and categorize data, then segment it  to reach various goals. For instance, you could boost engagement with personalized content or improve the relevance of display ads. They also function as data warehouses. 

That said, data management platforms work mostly on third-party data. This is their biggest drawback with regard to the GDPR. But a few steps are needed to process data and stay on the safe side. 

You need to sign a data processing agreement with your DMP vendor and only process the data of users who have submitted consent (as stated in Article 7 of the GDPR). Make sure that you have a mechanism in place to delete the user’s data when the data provider receives such a request. 

Also, when you sign up with a DMP vendor, make sure the source of their data is a reliable and legal one. 

Get more details on preparing a DPA, check out our post: Data processing agreement: 7 elements every DPA should have.

Most DMP vendors let you buy third-party data from them. Either those vendors will adhere to the GDPR and require their data providers to obtain appropriate user consents, or they won’t offer data of EU users. There’s also a risk that DMP suppliers will ignore the problem and simply do nothing. This kind of negligence would put anyone using their data at risk.

On the other hand, if you upload third-party data to process it using a DMP, you must remember that as a data controller, you still need user consent to process it. This is your responsibility. In order to stay compliant, DMP vendors use various contracts and policies requiring their customers to use only data that was obtained with consent. 

Have a look at how Google addresses the matter of sharing third-party data in their EU user consent policy: Properties under a third party’s control.

If personal data of end users of a third party property is shared with Google due to your use of, or integration with, a Google product, then you must use commercially reasonable efforts to ensure the operator of the third party property complies with the above duties. A third party property is a site, app or other property that is not under your, your affiliate’s or your client’s control and whose operator is not already using a Google product that incorporates this policy.”

All that said, handling data with a DMP is definitely more complicated under the GDPR.

Customer data platforms on the rise

Now imagine that you can steer clear of all this trouble and still achieve your goals. The good news is that there is a platform that ticks all the boxes. It’s called a customer data platform and it’s a hot topic among digital marketers and advertisers. 

A CDP is “an integrated customer database” according to Gartner. CDPs allow marketers and analysts to unify a company’s data across digital channels, in order to create a better customer experience.

Vendors of DMPs, CRMs and other data warehouse tools will make similar promises, selling benefits such as “unified customer data.” CDPs are better at dealing with customer data, however. Let’s find out why.

CDPs are great for the GDPR-compliant marketer, as they’re driven by first-party data, a key advantage over DMPs. The data you collect about customers probably also falls under the definition of “personal data”, which demands special consideration in light of the GDPR and ePrivacy regulations. 

Your organization gets this data directly from customers and prospects who give you explicit permission to use the data. Having such consent means you meet the regulatory requirements. 

Furthermore, first-party data means that the information you collect about your consumers is precise, accurate and reliable. That translates into increased marketing effectiveness, as you’ll be able to run tailored campaigns that resonate with your target audience. 

#1 – CDPs work primarily on first-party data

#2 – CDPs let you create a single customer view

CDPs allow you to collect, import and organize different types of data from a wide array of sources, such as:

  • an advertiser’s web and mobile analytics tools
  • form submissions
  • CRM
  • mobile web or apps
  • sales calls
  • transactional systems
  • interaction with a support team

You can then merge these pieces of information into a single customer view. It provides a complete overview of your user and their behavior across your digital products. 

It allows marketers to better understand their customers and prospects. This helps you adjust your offer to consumers’ needs and optimize their journey with your brand. 

Second, with a CDP you not only connect data and create a precise customer profile, but also make the data available to other systems. DMPs are based on third-party cookies as the key identifier for user profiles, which means they can become obsolete if a user deletes their cookies. CDPs will give you more reliable user-level data that will last longer and be updated more regularly.

#3 – CDPs are marketer-friendly

Another important attribute of CDPs is that they are managed by marketers. While traditional marketing databases, usually a data warehouse, were designed with IT professionals in mind, a CDP allows marketers to operate more independently. 

That’s a significant advantage over DMPs, which are usually handled by an external agency that manages media buys and provides other advertising-related services. 

It’s vital that marketers don’t need to deal with complex technical implementations, but are able to integrate customer data on their own. CDPs let marketers react faster while running and testing campaigns, without waiting for a biweekly or monthly briefing from an agency.

The future of customer data management

The GDPR has brought numerous changes to the digital landscape. CDPs are in the best position to adapt to the new landscape and grow with it. If you’re collecting and analyzing customer data, CDPs are worth a look to get more out of that data while staying compliant with new, strict regulations like the GDPR. 

We know this post covers only the most essential aspects of a complex issue. Still have questions? Don’t hesitate to reach out to the Piwik PRO team. 


Karolina Matuszewska

Senior Content Marketer

Writer and content marketer. Transforms technical jargon into engaging and informative articles.

See more posts by this author