Demanding Data-Driven Marketing When the CRM Is Locked Behind a Political Firewall
Demanding Data-Driven Marketing When the CRM Is Locked Behind a Political Firewall

If your organisation is demanding data-driven decision making from a marketing team that cannot access the CRM, the problem is not a data problem — it is a governance problem dressed up as a technical one. The solution requires political intervention at senior leadership level, not a new analytics tool. Until someone with actual authority decides that marketing's access to customer data is a legitimate organisational need, no amount of dashboard-building will fix it.

That is the short answer. Everything below is the longer, more uncomfortable one.


Why Is Marketing Locked Out of the CRM in the First Place?

In my experience running digital transformation programmes across the public sector, financial services, and the third sector, CRM access disputes are almost never about data security. They are about control. The department that owns the CRM — usually Sales, Customer Service, or IT — has discovered that data is power, and they have no particular incentive to share it.

The justifications tend to rotate on a predictable schedule: GDPR compliance concerns, data quality issues, system stability, licensing costs. Some of these are legitimate. Most of them are the organisational equivalent of someone sitting on the last biscuit and claiming they were saving it for later.

A 2023 report by Gartner found that data silos remain the single biggest barrier to marketing effectiveness, with 68% of marketing leaders citing restricted access to customer data as a significant obstacle to campaign performance. This is not a niche problem. It is endemic.

What Does "Structurally Barred" Actually Mean in Practice?

There is a difference between being technically locked out (no system access) and being structurally locked out (access formally denied, escalations going nowhere, workarounds actively discouraged). The latter is the more serious condition.

Structural exclusion usually manifests as one or more of the following:

  • Access requests that get approved in principle and then silently expire
  • Data extracts provided on an irregular basis, in formats that require significant cleaning
  • A "liaison" arrangement where marketing must request data through the owning department, which introduces delay, interpretation errors, and dependency
  • Formal governance decisions — usually made without marketing representation — that classify the CRM as out of scope for marketing use

If any of those sound familiar, you are not dealing with a technical limitation. You are dealing with a political settlement that someone made, possibly years ago, and which has never been seriously revisited.


Is This a Leadership Failure, a Governance Failure, or Both?

Both. But they compound each other in a specific way that is worth naming clearly.

The governance failure is the absence of a data ownership and access framework that reflects the organisation's actual operating model. If marketing is expected to drive customer acquisition, retention, and lifetime value, then access to customer data is not a privilege — it is a functional requirement. Any governance structure that fails to recognise this is not fit for purpose.

The leadership failure is tolerating the resulting dysfunction without escalating it. When a senior leader simultaneously demands data-driven marketing and ignores the political barrier preventing it, they are — perhaps without realising it — setting marketing up to fail and providing themselves with a convenient explanation for why.

I have sat in enough quarterly business reviews to recognise the pattern: marketing presents with caveats ("our data is incomplete"), leadership expresses frustration, nobody mentions the CRM access issue that has been sitting in a ticket queue since March.


What Can Marketing Actually Do When Access Is Blocked?

This section is for the marketing leaders and practitioners who are living this problem right now and cannot wait for the governance review that has been "scheduled for Q3" since 2022.

Short-Term: Work With What You Have (Without Pretending It Is Enough)

The first thing to do is document the gap explicitly and formally. Not in a passive-aggressive email, but in a structured business case that quantifies the cost of the restriction. What campaigns cannot be personalised? What segments cannot be identified? What revenue is demonstrably at risk?

Making the cost visible in financial terms is the fastest way to move a political conversation. "We don't have access to the CRM" lands differently from "our inability to access the CRM is estimated to reduce campaign conversion rates by X%, representing approximately £Y in lost pipeline per quarter."

In the interim, consider these practical mitigations:

  • First-party data capture: Build your own data assets through consent-based mechanisms — forms, preference centres, email engagement tracking — that sit within marketing's own systems
  • Data clean rooms: Where full CRM access is blocked, negotiate a privacy-preserving data sharing arrangement using tools like clean room technology, which allows analysis without direct data exposure
  • Agreed data extracts with SLAs: If you cannot have live access, formalise a regular extract process with agreed timelines, fields, and quality standards — and hold the owning department to it
  • Third-party enrichment: Supplement internal gaps with external data sources where commercially viable

Medium-Term: Build the Political Case for Structural Change

This is where most advice stops short, because it requires acknowledging that the solution is not technical. You need allies, not just arguments.

Find the executive sponsor who benefits most from marketing performing better. In most organisations, that is the Chief Revenue Officer, Chief Commercial Officer, or equivalent. Present the business case to them, not to the IT governance board. The IT governance board will refer you to a working group. The CRO will call someone.

It also helps to understand the motivations of the department holding the data. Are they protecting data quality? Give them a role in defining the access standards. Are they worried about GDPR liability? Bring in your Data Protection Officer to provide a formal opinion. Are they simply reluctant to cede control? That is a management conversation, not a technical one, and it needs to happen at a level above both departments.

Long-Term: Fix the Governance Architecture

The permanent solution is a data governance framework that defines data ownership, stewardship, and access rights in a way that reflects the organisation's strategic priorities — not its historical power structures.

This typically involves:

  1. Appointing a Chief Data Officer or equivalent with cross-departmental authority
  2. Establishing a data governance board with representation from all major data consumers, including marketing
  3. Implementing a formal data access policy that ties access rights to business function, not departmental ownership
  4. Adopting a Customer Data Platform (CDP) — a system designed specifically to unify customer data across departments and make it available to marketing in a governed, compliant way

A CDP is not a magic wand. But it is a structural intervention that separates the question of "who owns the CRM" from "who can access customer data for marketing purposes." That distinction matters enormously in organisations where the CRM has become a territorial asset rather than a shared resource.


What Is the Real Cost of This Problem?

The direct costs are measurable: lower campaign conversion rates, poor personalisation, inability to suppress recent purchasers from acquisition campaigns (which is both wasteful and mildly embarrassing), and the overhead of maintaining parallel data systems.

The indirect costs are harder to quantify but arguably more significant. Marketing teams that cannot access data stop trying to be data-driven. They revert to intuition, historical templates, and the kind of creative-led decision making that was perfectly reasonable in 2005 but looks increasingly anachronistic now. This is not a character flaw — it is a rational response to a broken system. If the data is not accessible, you stop building your strategy around it.

According to research by McKinsey, organisations that effectively use customer analytics are 2.6 times more likely to have above-average profit growth than their peers. The inverse of that finding — that restricted access to customer data suppresses growth — is rarely stated explicitly, but it follows directly.


Comparing Your Options: A Practical Decision Framework

Approach What It Solves What It Doesn't Solve Effort Level Best For
Formal business case to senior leadership Escalates the political issue to the right level Does not guarantee resolution; requires a willing executive Medium Organisations where leadership is unaware of the impact
Negotiated data extract process Provides some data access in the short term Creates dependency; data is often stale or incomplete Low Buying time while structural fix is pursued
First-party data capture programme Builds marketing-owned data assets independently Cannot replicate CRM depth; takes time to build Medium-High Organisations with strong digital channels
Customer Data Platform (CDP) implementation Unifies data across systems with governance controls Expensive; requires organisational buy-in; not a quick fix High Mature organisations with budget and executive support
Data clean room arrangement Enables analysis without direct data exposure Technical complexity; limited to specific use cases Medium-High Regulated sectors with legitimate GDPR concerns
Data governance restructure Permanent, structural resolution to access politics Slow; requires significant organisational change Very High Organisations committed to long-term data maturity

What Should Leadership Do When They Recognise They Are the Problem?

This is the section for the senior leaders who have just had the uncomfortable realisation that they are both demanding data-driven marketing and tolerating the conditions that make it impossible. Welcome. It is not a comfortable place to be, but it is an honest one.

The first thing to do is stop treating this as a marketing problem. It is not. Marketing cannot resolve an inter-departmental power dispute by themselves. They do not have the authority, and they should not be expected to develop it.

The second thing is to make a clear organisational decision: is data-driven marketing a strategic priority, or is it a performance expectation with no corresponding structural support? Those are two very different things, and only one of them is honest.

If the answer is yes, it is genuinely a priority, then the actions are clear:

  • Commission a formal data access review with a defined output and timeline
  • Assign executive accountability for the resolution — not a working group, a named individual
  • Remove the political incentive for data hoarding by reframing data ownership as stewardship, not control
  • Consider whether the CRM ownership model itself needs to change — in many organisations, moving CRM governance to a central data function rather than a single department resolves the access dispute structurally

In my experience, the organisations that do this well are not necessarily the ones with the best technology. They are the ones where a senior leader looked at the dysfunction, called it what it was, and decided to fix it rather than manage around it.


A Note on GDPR and the "Compliance Shield"

GDPR is frequently invoked as a reason to restrict CRM access to marketing, and it is frequently misapplied. Under the UK GDPR and the EU GDPR, using customer data for direct marketing is a well-established and legally supported use case, provided the appropriate lawful basis exists and the data is handled correctly.

If your organisation's legal or IT team is citing GDPR as a blanket reason to prevent marketing from accessing customer data, ask them to provide the specific legal opinion in writing. In most cases, the restriction is not required by law — it is a conservative interpretation that has never been formally challenged.

This is not an invitation to ignore data protection obligations. It is a reminder that compliance should define how data is used, not whether it can be used at all. The two are quite different, and conflating them is a convenient way to avoid a harder conversation.


Frequently Asked Questions

Why won't IT just give marketing access to the CRM?

In most cases, the resistance is not technical — it is about control, accountability, and risk aversion. IT departments are often judged on system stability and data integrity, and sharing access introduces variables they cannot fully manage. The solution is to address those concerns directly, not to work around them indefinitely.

Can marketing be data-driven without CRM access?

Partially. Marketing can build meaningful data assets through first-party capture, web analytics, email engagement, and third-party enrichment. But without CRM data — which typically contains purchase history, service interactions, and account status — you are missing the most commercially relevant signals. It is possible to be data-informed without CRM access. It is very difficult to be genuinely data-driven.

What is a Customer Data Platform and how does it help with this problem?

A Customer Data Platform (CDP) is a software system that ingests customer data from multiple sources — including CRMs, websites, email platforms, and transactional systems — and creates a unified customer profile accessible to marketing. Because the CDP sits outside the CRM, it can resolve access disputes by creating a separate, marketing-appropriate data layer without requiring direct CRM access. Salesforce, Adobe, Segment, and mParticle are among the leading platforms in this space.

Is this a common problem in the public sector and charities?

Extremely common. In public sector and third-sector organisations, data silos are often more entrenched because departments have greater autonomy, budgets are fragmented, and there is rarely a Chief Revenue Officer whose interests align with resolving the dispute. The same dynamics apply, but the political landscape is often more complex and the commercial urgency less visible.

How do you make the business case for CRM access when you can't prove the ROI without the data?

This is the classic catch-22 of the access dispute. The answer is to use proxy evidence: industry benchmarks for personalisation uplift, case studies from comparable organisations, and the cost of current workarounds (staff time spent on manual data cleaning, campaign suppression errors, duplicate outreach). You are constructing a plausible estimate, not a certainty — and that is legitimate. Most investment decisions are made on that basis.

What if the CRM data quality is genuinely poor and that's why marketing is being excluded?

Data quality is a real issue, and it is sometimes a genuine rather than convenient reason for restricting access. If this is the case, the right response is a joint data quality improvement programme with marketing involved in defining quality standards — not indefinite exclusion pending a cleanup that never quite completes. Excluding marketing from the data does not improve its quality. It just means nobody is held accountable for fixing it.

How long does it typically take to resolve CRM access disputes through governance change?

Honestly? Longer than anyone wants to admit. In my experience, organisations that approach this as a governance project rather than a quick fix typically see meaningful progress in six to twelve months. Organisations that approach it as a political negotiation can spend years circling the same conversation. The difference is usually whether a senior leader has formally committed to a resolution or merely expressed support for the idea.


Nicholas Hodder is a digital transformation and technology leader with over 20 years of experience across the public sector, financial services, and the third sector. He has led data governance programmes, CRM implementations, and organisational change initiatives in organisations that ranged from genuinely excellent to magnificently dysfunctional. He is also a professional speaker and stand-up comedian, which he maintains are essentially the same skill set applied to different room temperatures.