Avast engaged Ataccama to deliver a complete customer master data solution to improve their customer experience and ensure compliance with the highest of data privacy standards (such as GDPR).
To boost the company’s customer-centric transformation and ensure the highest standards in the protection of the personal data of its customers, Ataccama was selected to build a customer MDM hub and provide data services to guarantee personal data protection rights for Avast customers.
This included the core rights afforded to citizens under GDPR, such as the right to rapid notification of a data breach, explicit consent, the right to erasure, and more.
Initial data challenges
Given rapid company growth through acquisition, Avast strived to achieve a single customer view. The company also faced tight deadlines given by GDPR regulation, and worked with significant data volumes, including:
- 435+ million monthly active users
- 1.5+ billion malware attacks to protect users from every month
- 200 billion URLs checked by the Avast Cloud every month
- A customer base across the globe, with 59 countries having a 1+ million customer base
- Build an MDM hub for customer data, consents, and metadata, including:
- A repository of core personal data about clients and registered users
- A repository of metadata
- Aggregation of customer instances from the contract level to customer level
- A repository of granted and revoked consents
- A key enabler for all GDPR rights (data access and portability, rectification, etc.)
- Develop MDM hub services and integration with a GDPR customer portal and numerous internal applications, in addition to GDPR evidence storage and provisioning.
Ataccama’s MDM hub solution had to be built within strict project deadlines given by GDPR regulation, requiring the solution to be live in less than five months (including analysis, design, delivery, and deployment phases).
Ataccama delivered all project requirements for the MDM hub and services within the strict five-month timeline, enabling Avast to comply with the highest standards for personal data privacy and protection. The customer data integration hub was implemented using different integration patterns, including online streaming using Kafka, web services integration with ESB, and batch and micro-batch integration using ETL.
The solution also fulfils requirements for data retention policies in line with legal and consent policies, and requirements for personal data pseudonymization.
The solution is being further enhanced towards a transactional MDM hub and complete customer master data solution. The Ataccama solution further supports improvements to the application landscape for next-level implementations of privacy-by-design.
Avast approached GDPR as a wider opportunity to build a lasting solution that would further benefit the organization and its customers, implementing advanced customer master data standards as part of their transition to an even more client-focused company. In addition to core customer data, the solution extends the customer MDM hub for storing all customer and communication channel consents.
Additionally, the solution is connected to a variety of systems, including e-commerce platforms, a CRM, a campaign system, a data warehouse and BI, and a data lake. For the purposes of GDPR, the hub also works as a business rule engine that evaluates customer requests (e.g. for the right to information or the right to be forgotten) and data aging, anonymizes or, respectively, pseudonymizes selected personal data, and orchestrates appropriate actions among all connected systems.