How To Implement Identity Resolution And Privacy Compliance With An Identity Graph In A CDP

Digital fingerprint with a string of numbers as an identifier surrounded by a gold and white design that resembles a computer chip.

One critical best practice when setting up a customer data platform (CDP) is to implement comprehensive identity resolution logic that is fully aligned with the given consent of the customer. And a good way of doing that is maintaining an identity graph.

Tracking and maintaining relationships between identifiers is crucial in managing data across various source systems. An identity graph serves as a valuable tool for formalizing the implementation of these relationships, accommodating multiple identifiers within a single environment. Moreover, it enables the establishment of connections not only between identifiers of individual customers, but also between individuals themselves, which is particularly valuable in B2B scenarios where understanding the affiliation of individuals to specific companies is essential.

An identity graph serves as a highly adaptable and efficient method for organizing and managing information. It enables storing consent alongside relevant identifiers, ensuring a clear understanding of the data and its authorized usage for activation purposes. By incorporating this data into the overall data structure, you can ensure that your automation processes and activities align with customer consent, thereby upholding privacy and compliance standards. 

A well-structured identity graph offers the advantage of quickly and reliably identifying whether a visitor or customer is new or returning, which is valuable for various marketing strategies. This information can be quickly communicated to the marketing platform for optimization purposes. Additionally, the identity graph plays a significant role in maintaining audiences accurately, particularly when consent is implemented. It enables the timely updating of audiences based on changes in consent or additional behavioral patterns, ensuring that the right individuals are included in the appropriate audience segments.

Some other interesting parts here are that, as a best practice, you can utilize nice features like dynamic data masking in a data warehouse to make sure that people, analysts, and data scientists don’t have access to data that they should not be able to see. And also, of course, automated scanning and discovery of PII data. You can use Google’s Data Loss Prevention or similar services from other providers for that. This is an automated process to make sure that you are compliant with regulations. 

You can use real-time data to do more accurate targeting in a CDP to ensure that everything is up to date. The framework is able to handle that in real-time and update the proper fields that you need, either in your real-time data store or in a real-time no SQL datastore such as Google Cloud Datastore, or in your analytical data store, such as Snowflake. 

Use your real-time data ingestion framework to implement the identity resolution logic that is fully aligned with the given customer consent. I have added an example of a project for a media company below. We designed and built a custom CDP, and one of the responsibilities of the CDP is maintaining the audiences that can be shared with the different brands and the different channels that are used by this media company. So in this implementation, the identity resolution and the consent that can be given via several channels, are being collected and managed in the central layer in the CDP. This way, analytics and channel communications are always compliant. Also, the customer and the customer service department are enabled to see where the consent was given and apply GDPR customer rights such as preferences and the right to be forgotten. These preferences will then automatically be deployed for analytics and activations.  

In the end everything is automated. In this we are sure that we are fully compliant with the regulations based on the consent that is given. 


An identity graph serves as a highly adaptable and efficient method for organizing and managing information in areas of consent management and for new and returning customer recognition, both for customer and business contacts. By using an identity graph in a CDP, you can ensure compliance with data privacy regulations and implement identity resolution logic that is fully aligned with the consent of the customer.

Jan Hendrik Fleury
Jan Hendrik Fleury
Jan Hendrik Fleury is CCO of Crystalloids, a boutique data cloud engineering company. He is also a teacher at Beeckestijn Business School and a chairman of the Data-Driven Marketing Association in the Netherlands.