The GDPR special edition of MEF’s eBulletin series, supported by CLX Communications, highlights the perspectives of the diverse MEF membership and experts on their path to preparing for GDPR compliance.
Here, Fabien Venries, Head Of Privacy & Marketing Stream – Data Strategy & Governance At Orange discusses the daunting challenge of meeting the obligations of GDPR for a complex organisation the size of Orange group, as well as the cultural changes necessary to successfully implement the new regulation. Download the eBulletin for more unique articles and insights now.
Coming less than one month from the GDPR deadline, the entire Orange Group is mobilized to comply with the new regulation. As for a lot of large companies, Orange is facing challenges related to IT transformation and the ability to easily change processes in a heterogeneous environment. That’s because the Orange Group is made up of more than one hundred companies, each with its own governance, platforms, databases and CRM systems and each with a history, sometimes fully digital, that has evolved over the time through thousands of projects.
Examining the Orange value-chain
As a mobile operator, we are dealing with very sensitive information related to our customers, such as their call history, location information, etc.
We started by doing the map of personal data, current processing activities, gap analysis and the teams of our different affiliates are now working on the internal legal record of processing activities to finalize the implementation of the new consent screens, setting dashboards, new legal documents, terms and conditions and contracts.
Within the 8 European countries where Orange is operating, more than 150 people are working more or less on the GDPR implementation, including IT, Marketing, HR, Internal Communication, etc.
We are also adding processes for our sub-processors, messaging aggregators for example, to clarify the roles and responsibilities and reinforce the audits of their own compliance.
GDPR means cultural change
The protection of our customers’ data has been a strong value within and cornerstone of Orange’s mission well before GDPR. Our offers based on data, such as Flux Vision, a solution for the analysis of population flows, rely on strong anonymization and aggregation mechanisms that have been validated by the French Authorities.
That said, there are areas of GDPR that require the company to effect cultural change in how we handle and store personal data internally. Our different affiliates have launched or are about to launch their training programs, created guidebooks and tutorials, so that all employees, from the product owner to customer care operatives, and other operational teams, embrace the principle of personal data protection at their own level.
For example we explain the importance of not storing personal information about the customers on notepads, and to delete any data as soon as possible.
The GDPR will be the starting point of a new era of data-driven marketing and customer experience in which we all have to build a different relationship with customers that is even more transparent.
However, teaching Orange customers on how to navigate these changes will also be a challenge in respect of the habits and different cultures across our countries. As well as providing them with the tools and interfaces that can help them manage their data, it is also imperative to educate them in how to appropriately apply their consent, their sharing and their rights as individuals.
It is only with those conditions in place that we will be able to innovate effectively and provide the best services, whilst unleashing the power of artificial intelligence, bots and personal assistants to benefit their journey and engagement. In time, we feel that this change of spirit will reach other continents as well, particularly in Africa and Middle East where we operate in 21 countries with 121 million customers.
Download the free GDPR Ebulletin now
With unique insight and analysis on enterprise messaging, permission and consent, the monetisation of personal data post GDPR, customer profiling and cultural and behavioral changes, the GDPR special edition eBulletin provides an invaluable glimpse into how businesses are meeting their obligations under the EU’s new data protection regulation, and how they see the industry in a post-GDPR world.
MEF’s GDPR eBulletin is available now