All Nippon Airways (ANA) is Japan’s largest airline and one of the top ten largest airlines in the world. Following the implementation of the EU's General Data Protection Regulation (GDPR) in 2018, and the California Consumer Privacy Act (CCPA) in 2020, ANA wanted to act fast to comply with new privacy standards and rapidly emerging new regulations. With millions of site visitors from all over the world, a reputation for exceptional customer experience, and an accelerated timeline for deployment, ANA needed a consent solution that was not only secure and compliant but also flexible and easy to deploy.
Facing this increase in data privacy regulation, both at home and abroad, the team at ANA decided that they wanted to be ready to comply with the new wave of privacy regulations within a year. With the goal of making their global website GDPR compliant as soon as possible, ANA began evaluating SaaS solutions for the fastest possible implementation.
Security and compliance were top priorities. “We were looking for a solution that could help us comply with the personal information protection laws in each country and handle the customer data on our website in strict confidence,” said Kenta Fukuda, a member of ANA’s Information Security Platform Strategy Team.
A flexible UI was also high on the list of selection criteria. ANA’s cookie banner would be displayed for hundreds of thousands of customers every quarter, and in keeping with the brand’s promise of top-notch customer experience, stakeholders at ANA wanted a solution that would be highly customizable for different screen and device types and would provide a positive customer experience.
Finally, ANA needed a solution that would be fast to deploy and would be capable of sorting and managing tags automatically.
When implementing a new consent-management tool to a website, it's usually necessary to go through a lengthy process to research and categorize all of the tags used on the website, before you can begin to deploy the consent-management system, which takes a huge amount of time. Because of their accelerated timeline, ANA needed a solution that could automatically discover and list the tags on the website and let the marketer handle tag categorization and consent management, all in one portal.
ANA evaluated several consent management platforms but struggled to find a solution that could meet both their stringent compliance needs and their need for a quick deployment process.
“At first, we weren't sure that such a solution existed, until a vendor we worked with for years suggested Ensighten, and we contacted Underworks, their agent in Japan," said Shinya Saito, of ANA's Marketing Solutions Department.
"We had two other candidate solutions, but with Ensighten, it was easy to customize the user’s consent banner, there was no need to list and categorize tags ahead of use, and it was easy to manage tags after Ensighten's initial categorization," said Saito. "Of the solutions we evaluated, Ensighten was the only one able to categorize tags and cookies automatically, so when it was decided how the project was to proceed, Ensighten was the only option.”
Ensighten's capability for zero-cookie load, where no cookies or tags are fired before the consumer has given their consent, in compliance with the GDPR and other privacy regulations, was also a selling point.
“Some overseas airline companies were being fined under the GDPR for data breaches and non-compliance, so we understood the importance of taking measures to deal with global privacy laws. Knowing that Ensighten had already been used by many companies around the world, and was highly regarded as a security and personal information protection tool, we felt our customer data was well protected," said Shinya Miyake, manager of ANA's Information Security Platform Strategy Team.
ANA was able to have Ensighten fully deployed, customized, and running across their digital properties just three and half months from their initial selection of the tool.
“We haven’t noticed any issues at all after launching Ensighten," said Fukuda. "We're happy to say that we now have a fully GDPR-compliant consent-management system on our website.”
"Ensighten is a very useful tool for us. So far, we've implemented Ensighten for dozens of countries’ websites, and the consent management banner displays many different languages according to country," said Saito.
Beyond simply using Ensighten as a Consent Management Platform, ANA has also leveraged the platform's capabilities for client-side security and tag management.
"We've already started using Ensighten’s function for monitoring and controlling third-party tags," said Miyake. "When we see suspicious behavior or a sudden increase in the number of website visitors, we are able to use Ensighten's tag data for investigation purposes."
"We are continually finding new ways to use Ensighten as a website security tool so that we can protect our company’s information asset from website attacks.”