GDPR, Data Security and Digital Strategy at Episerver Ascend
For my final installment of interviews from my experience at Episerver Ascend 2018, I have a couple more Episerver executives to bring their thought leadership to the conversation, an expert on data security to weigh in on both the GDPR and the ways in which a person can best protect themselves out there in the digital world and finally, an interview with a partner who gives an alternate but similar commentary on the ins and outs of deploying digital business strategy with Episerver, much like the thoughts of the customers we spoke to as well.
GDPR with Episerver’s First Female C-Suite
Just yesterday, Episerver shared the encapsulation of the efforts they have made and the stance they have taken leading up to rapidly approaching enforcement deadline of the EU’s General Data Protection Regulation (GDPR) on May 25, 2018. Within the text, their hiring of former Microsoft veteran Sue Bergamo as not only their first female to join Episerver’s C-Suite but to lead the charge of Episerver’s security, compliance and governance initiatives as their new CIO and CISO. As a noted authority on the GDPR, I was eager to sit down with her at the event to hear her thoughts:
Being a modern marketer, I consider data a very important ally in my marketing decisions and knowing I am only one in a crowd of many with that thought process, I am always eager to ask the experts how they view marketing will change in the wake of the GDPR. Sue brought up her initial thought that marketing would get a lot harder but as she explains, in conversation with Episerver’s VP of General Counsel and Global Data Protection Officer Peter Yeung, that isn’t necessarily the case: “what he likes to say is ‘no no turn that around, it’s really about being more concise in their marketing intent’, and when you’re dealing with European citizens that you’re very transparently and clearly asking for them to give consent to use their personal identifiable information to do targeted marketing campaigns for them.”
Since we are now within a month of the deadline, it might be foolishly optimistic to think every business that could be affected by the GDPR has sufficiently prepared but for the sake of reality, I asked Sue her key steps for businesses to get themselves as ready as they can: “First and foremost is to get knowledge around the regulation, it is very very large, it’s very complex and it’s unclear but, I think the big points are have a governance program in place, clearly understand the regulation and then there are certain things you need to do around your data processing agreement, your DPAs with your vendors, your data assessments, impact assessments around personal identifiable information and then there’s the SAR, or the Subject Access Request and so you have to be able to respond to a SAR and these are really the biggest components about the GDPR that you need to know in order to get prepared.”
Data Security and Password Protection with Troy Hunt
To kick off the afternoon sessions on the first day of the event, Troy Hunt, Microsoft Regional Director, Author at Pluralsight and Founder of ‘Have I Been Pwned’ led an informative and highly entertaining session all around data security so following this, I was excited to sit down with him to continue the GDPR conversation with his thoughts:
One of the things he brings up is how reasonable the premise of the GDPR: “it’s funny in a way because a lot of the preparing for the GDPR is things we really should’ve been doing anyway. One of the big headlines that people latch onto with GDPR is the fines, so the headline is that it’s 4% of the gross annual turnover, worldwide too interestingly enough, so people that are very concerned about that need to obviously be taking measures to avoid that eventuality where they do have a data breach and the bit I sort of hesitate on is well, you kind of should’ve been doing this anyway. Aspects of it like that I think are very very reasonable and shouldn’t be a new imposition. I guess the things that make it a bit more interesting are things like the right to access for information, right to erasure, this is going to lead to other processes and policies that need to be in place.”
During Troy’s keynote, I especially loved his focus on how something as simple as a password is commonly overlooked as an important consideration to protect one’s own personal security online. I brought this question of preparedness up with him because over the past few years, with media picking up more and more data breaches and bringing them into public conversation, there seems to me to be more of a focus on the big bad companies misusing data and preying on consumers like it’s out of our hands when really, as individuals there are ways to build awareness and mindfulness surrounding our safety as citizens in the digital world. He gives great commentary on passwords, password management, certifications and the like but his last point, brings to light something I think many people do really without thinking much of it: “The really good, practical common sense stuff is just be really careful about what you digitize. Anything you digitize has a much greater risk of being leaked than things that might be in the analog and a good example that comes to mind is things like children’s toys that record their voices and send them to the internet. I wouldn’t give my kids that, I would give them LEGO to play with because we have precedence of children’s toys recording voices, being sent to the internet and being leaked publicly.”
Episerver’s Own Customer Experience Strategy
At the event, there was a great focus on brands strategizing and enriching the experience of their customers but many of the businesses learning and engaging in the event experience was in fact, a current or prospective customer of Episerver themselves. Who better then to inquire with on that side of things than Episerver’s Chief Customer Officer himself, Chad Wolf:
Knowing how important the voice of the customer is to an agile brand like Episerver, I figured Chad was the best person to ask not only on how they get that information but how they put it to use: “The voice of the customer is an important piece of feedback, we try to do the feedback on the product side really around use cases and what is happening in the industry. The voice of the customer also helps to drive the quality of our services and support, helps us drive our partner channel so we can share those real life things, good and bad. The voice of the customer program we’re really stepping up in 2018, it’s really trying to bring together to full view of the customer life cycle from a quality perspective.”
Finally, every vendor knows they have a responsibility in regards to the success of their own customers but when I posed this question to Chad, true to the transparency Episerver is known for, for part of his answer he went quite granular in his explanation: “Part of our duty is to make sure our services are always on, that the problems and questions that are brought to us are answered in a very effective and very efficient manner and so we try to structure our teams, in fact we get quite scientific around even how we schedule support staff so we have by the hour trending across the world and we flex the way our support teams work form that perspective. We have a duty to make sure we’re available to our customers, that we are always on, that our 24/7, 365 support models meet their needs.”
Episerver Partner Discusses Digital Challenges
Having heard from Episerver executives and customers, I was keen to chat to someone who worked with the organization and platform as an Episerver Partner, working with clients to realize their digital business goals so I sat down with Jake DiMare, Head of Marketing at Luminos Labs to hear his take:
First and foremost, he brought forth a few points key to their event: “Luminos Labs is exclusively an Episerver partner and we are very focused on the digital commerce aspect of things and what’s exciting is you really see Episerver making good on the promises as far as their roadmap is concerned. All these products are coming online, piece by piece, and I think that was really smart, to take it a chunk at a time, and pull it together but in the background everything is integrated. So you can come up with some personalization in perform, and use that same data someplace else, it’s impressive. In general, when you think about some of the bets they’ve made, Episerver Perform for instance, AI driven product recommendation. One of the biggest problems that we’ve seen is year after year after year, people are buying into these big experience platforms, no matter what company we’re talking about behind the technology the experience platform itself is like a box of Lego. You pour it out on the table and ask ‘what do I do with this?’, so Episerver says ‘hey, here is a case study that makes a lot of sense, product recommendations you can show a lot of results from that, throw some AI behind it and get it to work and be very practical about it and go to market that way.’ And it was a big hit, no surprise when people are using it and they’re getting results so I think 2018 is going to be really exciting with them. I love to hear that part of their strategy for this year is to say ‘we’re not going to add a lot of new features, we’re going to work on perfecting the features we have and helping people adopt them.”
When I attend events, partners are great to connect with because just as I can ask customers the ways in which they’re utilizing the platform, I can chat with partners to really tap into the common challenges they’re finding their clients are facing out there on the digital landscape, adapting to the rising expectations of the online experience and getting a more objective feedback on the usefulness of platform since usually, they’re familiar with more than one that are quite comparable. I posed this question to Jake, and he gave a nod to a common struggle of an incumbent brand doing their best to avoid being eclipsed by their younger counterparts: we have a lot of clients that in B2C retail, and on that side we have a tendency to work with the incumbents, the organizations that have been in business a while and they're starting to make digital transformation a priority and in that case, you're dealing with a lot of the typical challenges for organizations like that. Slow to respond, means they're behind the eight ball in terms of if you're comparing them to the digitally native vertical brands, they're playing catch-up. Which is a tragedy because they were there first so they’re dealing with that stress and anxiety. That said, we have the opportunity to work with a lot of people who are not just grudgingly saying okay we have to deal with this digital transformation problem, they’re enthusiastically embracing it and it’s a joy to work with that because they’re realistic about what it takes and they understand the most important thing in my experience is, digital transformation is no longer this thing that has a beginning and an end. Integrating a new system digital commerce, ecommerce platform into your environment is one of many steps that is just going to on and on and on and the changes are accelerating. Expectations are set by the leaders in digital, it doesn’t matter whether you’re head to head with Amazon and customers expect that level of experience so that’s another big challenge.”
Laura Myers
A digital business, marketing and social media enthusiast, Laura thrives on asking unique, insightful questions to ignite conversation. At an event or remotely, she enjoys any opportunity to connect with like-minded people in the industry.