Customer Data Platform Overtakes DMP in the GDPR Compliance Race

Published April 18, 2018 · Updated August 20, 2019

With the GDPR waiting just around the corner to come into force, the debate continues to rage over its influence on organizations and their data ecosystem. What we do know is that it will have a tremendous impact on how personal data is handled.

Consequently, it will also influence the way organizations use AdTech and MarTech software like CDPs or DMPs. However, this isn’t a death knell for web analytics and digital marketing. Rather, it’s a shift in the approach to collecting and processing data, and it requires you to focus on getting the right tool.

The upcoming regulation means you might be facing the problem of finding the software that best fits your needs while letting you handle data lawfully. CDPs or DMPs, what’s the difference?

It’s a tough decision as both tools offer useful functionalities and have their strengths. In this post we’ll show you the big picture so you can grasp why CDPs yield the best results.

GDPR and technology go hand in hand

The goal of the new regulation is to restore control of personal data to users and customers. In practice, it means that organizations engaged in collecting, storing, and processing data about EU citizens have to adjust their policies as well as introduce serious technological changes to be fully GDPR compliant.

First and foremost, it’s vital to focus on robust software. But when it comes to GDPR, it’s even more important to know what kind of data your software collects and processes.

The data puzzle

As you operate in a vast digital landscape, your platform lets you gather first-, second-, and third-party data. Each type of data is distinct, and you need to know how to distinguish them, particularly when it comes to processing and staying compliant with GDPR. To make the picture a bit clearer, we will focus on first- and third-party data as they cause the most concern.

The most significant and precious kind of information that you obtain directly from your website’s users is first-party data. Crucially, your organization owns this data and is responsible for it. First-party data allows you to create precise user profiles. It’s also fuel for Customer Data Platforms.

If you want to dive deeper for more details on first-party vs. third-party data, take a look at our post: Why First-Party Data is the Most Valuable to Marketers.

There’s also second-party data. That’s first-party data which you obtain from another organization (e.g. a company operating in the same space offering complementary services or products). The information is initially gathered in the form of first-party data, then passed on to another advertiser through a partnership agreement.

Finally, we have third-party data, which comes from various sources and eventually is sold to you by a third party. This type of data is usually used in Data Management Platforms.

For now, processing third-party data through cookies without any consent is legal. However, GDPR will bring some serious changes to that. The regulation requires that explicit consent be obtained for processing personal data. Cookies are covered by this category.

But it’s not only legal regulations that are altering the landscape. Users themselves are becoming more aware of the risks they face and they want to take action.

45% of customers in the EU declare they would erase their data from an organization that sold or shared it with outsiders, as revealed in a PegaSystems survey.

That’s telling evidence that DMPs might soon go the way of the dinosaurs.

In addition, experts are concerned that tracking consent within third-party data relationships will be troublesome because of the complex data flows across different parties. Moreover, as the Regulation has no grandfather clause, third-party data gathered before May 2018 without GDPR-compliant consent will be worthless. You simply won’t be allowed to use it.

Also, third-party data is information often without the common identifiers (personally identifiable information) that would allow you to match the data to a particular user. As a result, it’s possible to share it between parties without putting anyone’s legal compliance at risk.

The third party doesn’t have a direct relationship with the person whose data is being collected. It could be just an email address or phone number.

And here comes the trouble. This type of data causes the most concern when it comes to privacy. GDPR will make things even tougher by broadening the definition of personal data. Much of the information included in third-party data falls under this definition. As a result, cookies fit the definition as well.

These changes mean you will need to obtain direct and unambiguous consent from your customers in order to process their data and pass it to external parties. However, users aren’t obliged to give that consent, so it’s rather unlikely you’ll receive it. All in all, collecting such data threatens to be extraordinarily problematic.

If you want to delve into the subject of PII and personal data, here’s a great post about it: What Is PII, non-PII, and Personal Data?

Why CDPs are on the rise

Now that we understand the differences between these types of data, it’s time to grasp the implications of using CDPs and DMPs before you choose one of them. Bear in mind that while these platforms come in handy for marketers by providing them with customer insights, they work on different principles and offer different functionalities.

DMPs were designed around ad networks and the programmatic media buying ecosystem. Their job is to collect, classify, and categorize data, then segment it and finally use it to achieve various goals. They also function as data warehouses.

That said, data management platforms work mostly on third-party data. This is their biggest drawback with regard to GDPR. But it’s possible to process data and stay on the safe side. Wondering how? A few steps have to be taken.

You need to sign a Data Processing Agreement with your DMP vendor and process only data of users who have submitted consent (as stated in Article 7 GDPR).

Also, when you sign up for a DMP vendor, you should make sure the source of their data is a reliable and legal one.

Most DMP vendors let you buy third-party data from them. Here’s the stumbling block: either those vendors will adhere to the Regulation and require their data providers to obtain appropriate user consents, or they won’t offer data of EU users. There’s also a risk that DMP suppliers will ignore the problem and simply do nothing.

On the other hand, if you upload third-party data to process it using a DMP, you must remember that as a data controller you still need user consent to process it. This is your responsibility. So, in order to stay compliant, DMP vendors use various contracts and policies requiring their customers to use only data that was obtained with consent.

Have a look at how Google addresses the matter of sharing third-party data in its EU user consent policy, under “Properties under a third party’s control”:
If personal data of end users of a third party property is shared with Google due to your use of, or integration with, a Google product, then you must use commercially reasonable efforts to ensure the operator of the third party property complies with the above duties. A third party property is a site, app or other property that is not under your, your affiliate’s or your client’s control and whose operator is not already using a Google product that incorporates this policy.

All things considered, handling data with a DMP will definitely become more complex and problematic under GDPR.

Now imagine that you can steer clear of all this trouble and still achieve your goals. The good news is that there is a platform that ticks all the boxes. It’s called a Customer Data Platform (CDP), and it’s the hot topic among digital marketers and advertisers.

A CDP, which Gartner calls an integrated customer database, allows marketers to unify a company’s data fragmented across all digital channels, then use it to make a better customer experience.

CDPs are a great tool for the GDPR-compliant marketer, as they’re driven by first-party data. This is a key advantage they have over DMPs. This legal aspect is crucial. The data you collect probably also falls under the definition of personal data, which demands special consideration in light of GDPR and the ePrivacy Regulation. As we’ve already mentioned, you own first-party data so you’re responsible for its security and safety. That’s why it’s vital you choose a vendor who meets these requirements.

For more information on these new EU regulations and how they affect digital marketing, follow our blog.

However, there are other considerations that put CDPs in the spotlight. The first-party data a CDP collects gives you a complete view of your customer journey including both on-site and off-site touchpoints. As a result, you can create precise customer profiles and segments to enhance the journey.

To be more precise, the data is collected by one company and used solely for their purposes. This means you can skip the process of hashing and removing personal information. In this way you can generate a single customer view. The platform allows you to garner data from a wide array of sources like:

  • an advertiser’s web and mobile analytics tools
  • form submissions
  • CRM
  • mobile web or apps
  • sales calls
  • transactional systems
  • interaction with a support team
  • and many more

So with a CDP you’re able to integrate data, create a complete customer profile, and make the data available to other systems.

That’s also why a CDP prevails over a DMP. DMPs are based on cookies and create only temporary user profiles, as cookies are short-lived rather than persistent. What’s more, a DMP centers on categories and segments rather than user-level data.

Another important attribute is that CDPs are managed by marketers. To put it more precisely, by the internal marketing team, which significantly improves their agility. Marketers react faster in running and testing campaigns without waiting for a biweekly or monthly briefing from the agency. As CDPs are operated without the help of the IT department, your marketing team can work independently and won’t be blocked by any external party.

That’s a significant advantage over DMPs, which are usually handled by an external agency that manages media buys and provides other advertising-related services.

The upcoming GDPR will change a lot across the digital landscape. It can spur you to provide customers with access to data, as well as to improve their trust in you. The key is to choose a tool that aids you in this undertaking, like a CDP.

It lets you connect all your sources of customer data, linking it to specific people and using deterministic matching to ensure that those links are accurate. On top of that, you are aligned with dynamic and stringent privacy regulations, which means you won’t put the trust of your customers at risk.

We know this post covers only the most essential aspects of a complex issue. Still got some questions? Drop us a line and we’ll get back to you right away.

Karolina Matuszewska

Content Marketer at Piwik PRO. Transforming technical jargon into engaging and informative articles.