CMO vs. DPO: The War Over Data Protection Within Your Organisation

<- Back to all Blogs
4 min Read   |  Published: Tue Jun 2 2020

From understanding market trends to connecting with customers, and improving internal processes, data is incredibly important for organisations of every size. However, thanks to the global data regulations now in place, there’s a natural tension between collecting, using and storing data and protecting your business from costly and reputation damaging data breaches. In larger companies, this friction is often personified by two people: the chief marketing officer (CMO) and data protection officer (DPO). One wants to protect data, the other wants to use it.

At Trunomi, we don’t think this tension needs to exist – and with the right technology, those two sets of aims can coexist in harmony. In this blog, we explain how.


The DPO’s job is to ensure that the company is compliant – no matter what, ensuring compliant data collection and handling practices of staff, customers and partners. This often causes contention with the marketing department whose job it is to use the businesses data to gain leads and sell products.

New data protection legislation has already landed this year with the CCPA in California and is due to come into force, including the LGPD in Brazil. Data must be compliant under laws in the jurisdiction it was collected in, the jurisdiction the company is based in, as well as wherever the person it was collected from is a citizen in. And it must also be compliant under the local laws of whatever country any data is moved into. That means there is plenty of hurdles for the DPO and the CMO to overcome.

As anyone who has studied this changing landscape knows, it’s not just about being compliant with one regulation, it’s about ensuring compliance with a whole range of overlapping and potentially contradictory laws right around the world. That compliance can change on a case by case basis, making any company-wide policy redundant. In this situation, it’s easy to see why the DPO’s response is to lock down and protect the data their business uses. Yet, for the marketing team, that’s simply not an option. So, how do you ensure you can continue using compliant data?

Thinking differently about data protection

Much of the problem with compliant data collection is essentially one of resource. For each data point, companies need to record a whole range of information about the data: when it was collected, for what reasons, with whom it’s going to be shared and much more. And equally importantly, the marketing manager needs to be able to identify which consents and permissions are about to expire under relevant laws, so they can proactively reach out for permission to be renewed. This ensures that vast swathes of the marketing lists don’t simply disappear overnight when personal data expires.

Companies simply don’t have the resource to manually record all this information and cross reference it with all the relevant global data protection laws. But technology isn’t bound by resource. What’s needed is a solution that allows the CMO a global view over all the data consent and permissions they hold, and under which jurisdiction it’s legal to use that data and how.

From there, compliant marketing is simply a case of selecting the compliant contacts and releasing the marketing material. It’s precisely this that Trunomi allows.

A new approach with Trunomi

At Trunomi, we take a different approach to data protection. Using our patented TruCert and TruID technology, companies can ensure that all the relevant information about personal data is automatically recorded and cross referenced with the relevant laws of any jurisdiction.

Trunomi has completely reinvented the way businesses deal with personal data. We don’t think that it needs to be copied or reproduced in any situation. The CMO shouldn’t have to see a copy of compliant contacts in order to send out marketing material to them. They should just be able to select compliant leads in a relevant jurisdiction and send out the information, without having to see it. In doing so, risks of breaching regulations are eliminated.

What’s more, absolutely none of your information is stored by us. Only metadata passes through our environment, in the form of TruCert™ and TruIDs, which are cryptographically hashed to the standard of the USA’s National Security Agency (NSA). That means we don’t see, process, or have any access to your sensitive personal data.

With Trunomi, both the jobs of the DPO and CMO are simplified by technology that makes data compliance easy. That means the DPO doesn’t have to micromanage every data based process in the company, and the CMO no longer has to second guess every marketing email they send or lead they chase up. Suddenly, data conflict becomes a thing of the past.

If you want to find out more about our exclusive, patented technology, get in touch with the Trunomi team today.

Read Also

Build Trust With Risk-Free Customer Data Management Platform

Build Trust With Risk-Free Customer Data Management Platform

In our data-led world, building trust is quickly becoming the most crucial component for business success. Trust with customers. Trust...
You Don’t Need Personal Data to Build a Personal Service

You Don’t Need Personal Data to Build a Personal Service

The arrival of Global Privacy regulation and its enterprise-wide implications means that businesses are building Privacy as a service, not...
The Commercial Potential of Enterprise Data Privacy

The Commercial Potential of Enterprise Data Privacy

Compliance with Data Privacy regulation is now a universal reality for businesses. It is rare today that a business is...