SAP-owned Gigya offers a new GDPR-friendly consent tool
But that and two other identity/profile tools only apply to known users.
Last September, enterprise software firm SAP announced it was buying identity management platform Gigya.
The acquisition raised some questions. Gigya allows users to automatically sign into participating websites with their social network logins and make their social profiles accessible to those sites if they chose.
Since this independent identity manager would now become part of an enterprise software giant, the main question has been whether user data and privacy would be compromised. For its part, SAP is casting the Gigya acquisition as a way to help users gain “transparency and control over their data.”
While that question is still on the table, SAP Hybris has announced three new Gigya-oriented tools — SAP Hybris Consent, Identity and Profile — for managing personal data in the age of the upcoming General Data Protection Regulation (GDPR).
The key GDPR-related new product is Consent. It captures user consent across customer lifecycles, allows that consent to be revoked by the user and makes the consent particulars available throughout SAP Hybris’ marketing and commerce platforms. The consent data can also be made available to other, third-party applications that are integrated with SAP.
But it’s not yet clear how consent will be offered for other software released by SAP outside of Gigya, marketing and commerce. More importantly, Gigya only asks for consent when it asks you to sign up or sign in — that is, when you become a known user.
The sample consent form demoed to me appears at first to be a standard email signup form. To see consent options, you have to enter the link for Privacy or Terms of Service. Gigya CEO Patrick Salyer told me that client companies can, of course, modify this flow or wording if they so choose.
He also pointed out that the Gigya identity management platform only tracks known users. But do other parts of the SAP platform, such as marketing, track unknown users? He said he didn’t know, but assembling data from unknown users in a way that can point to an individual can also violate GDPR.
The Profile product offers a single view of the customer, including customer identity, profile attributes and other system data, and Identity provides secure customer registration and login with authentication options, federation standards and single sign-on.
These reflect Gigya’s previous identity management functionality, but in a SAP environment and with such GDPR-friendly additions as consent tracking and the ability for users to update or delete their data.
SAP Hybris is certainly aware that consumers are increasingly valuing their personal data. A study it conducted [registration required] last year of 20,000+ consumers worldwide found that the top reason consumers leave brands is the use of data without their knowledge.