The end of third-party cookies is set to transform targeted advertising; changing how companies collect and store customer data. Here’s how you can manage the change without disruption.

 The massive increase in online activity due to the coronavirus pandemic has created a customer data gold mine that advertisers and marketers can leverage to better tailor their campaigns. But as of 1 July 2021, accessing, and making use of, this personal information is set to get a little bit more complicated. Why? Because that’s when businesses need to start complying with South Africa’s Protection of Personal Privacy Act (POPIA), which sets out various conditions that must be followed in order to lawfully process personal information.

Global and local privacy legislation like the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA) dictates that for brands to use this personal data, there needs to be an element of customer consent. With the power now sitting in the customer’s hands, individuals have greater control over how their data is collected and used. But what does this mean for brands and advertisers who have predominantly been using third party cookie data to identify consumers and track their online activity?

While POPIA does not explicitly regulate the use of cookies, these “online identifiers” do fall under the definition of personal information. As such, how we use cookie data is set to fundamentally change; particularly relating to the collection of third-party data.

Third-party cookies allow advertisers to track users as they move across the Internet and target advertising at these individuals wherever they go. “With global privacy legislation gaining traction, the likes of Google and other providers are fundamentally changing how they use cookie data to collect customer related information. Subsequently, third party cookie data becomes less relevant and first party data – rich data around an individual’s behaviours; actions and interests demonstrated across online properties – becomes significantly more powerful,” explains Marc Emert, Customer Experience Sale Lead for SAP Africa.

Add a dash of customer data management

Privacy legislation like POPIA doesn’t prevent you from collecting customer data, continues Emert. But it does mean that any data collection must be done in a GDPR/POPIA aligned manner. “Going forward, while you’re collecting this rich, contextual data that can be used for marketing engagements and targeted advertising, you need to also make sure that you’re collecting the consent directly from the customer. If a marketer or brand is sending something to a consumer, they’re sending it because that person has opted in to receive it.”

SAP’s Customer Data Cloud (CDC) solution makes the process of gaining this consent easier, he adds. “With CDC, marketers and brands can gather first party data from customers across various digital channels and make sure that they are also securing consent throughout the engagement process. Customer provided consent is then integrated into an existing automated marketing solution, which delivers one-to-one personalisation at scale and is based on trust.”

CDC also makes progressive profiling possible, adds Emert. As a customer engages with a brand, they’re being asked to provide different pockets of information about themselves, he says. So, while I’m selling a mother a certain type of baby formula for her new-born, I’m gaining insights that allow me to market other products to this mom as her baby grows up.  “Basically, you’re progressively collating more and more first party data that can be used to engage with customers broadly and through different stages of their lives.” And the results speak for themselves.

SAP’s CDC has helped a global academic and educational publisher manage the data of over 4.5 million users and achieve 100% GDPR compliance in 40 countries. And in just four months, a German supermarket chain got up and running on the SAP CDC system, centralising omnichannel customer data to GDPR standards and boosting membership to their loyalty programme by 25%.

“Similarly, for three years the Technology Centre of Excellence team in Wunderman Thompson South Africa has been using SAP’s CDC solution to do just that”, notes Niel Mouton, MD of Wunderman Thompson Technology SA. “Home to over 4,000 technology specialists across the globe with 54 technology centres in 33 countries, we support forward thinking businesses to design, build, run and operate digital programmes wherever they are.”


“With the onus in a cookieless world now falling on brands to collect and build their own first party data, Wunderman Thompson has used SAPS’s CDC solution across 30 implementations for brands like Nestle Purina, Bayer Pharmaceuticals, Colgate and the International Olympic Committee (IOC).  Our teams used SAP CDC to create customised solutions for their clients, allowing these businesses to collect first party data, while protecting privacy and complying with personal information legislation,” he continues.

According to Mouton, conversations around privacy, data collection and POPIA/GDPR centre around trust, which is fitting because the Wunderman Thompson partnership with SAP is also about trust. “With SAP, we can trust the quality and standard of the product. There are no teething issues on a product as mature as this. All we have to do is understand the client’s business need and adapt the SAP product to their requirements.”

While Mouton admits that it would be possible to be compliant without a solution like CDC, it’s near impossible for enterprise businesses like banks or pharmaceutical companies to manage the scale of personal data they’re dealing with, while keeping their customers and their business safe, without an automated offering.

Customer experience has become a major market differentiator. The following white paper highlights why modern businesses need to understand the importance of customer identity. Click here to find out more.