
Compliance is Not Optional

The word “comply” dates to the early 1600s, when, according to the Merriam-Webster dictionary, it meant being ceremonially courteous. Today compliance involves much more than courtesy: it is often central to keeping your company out of financial and legal trouble, and it is a big part of the life of any data manager.

If you contact prospects or customers from a database, your business faces a host of regulations regarding the privacy, security and data quality of their data. These rules touch on areas such as unsolicited marketing contacts, phone and email messages, whether you are maintaining fair lending practices, and much more. And in some cases, the penalties for non-compliance can be severe.

Here, I would like to look at some of the biggest compliance issues our customers face, and how we support best-practice strategies for managing your compliance risk. Let’s start by breaking down three of the biggest areas of regulation businesses are likely to deal with regarding contact data.

TCPA

If you do outbound marketing or customer contact by telephone or text messaging in the United States, you are subject to the Telephone Consumer Protection Act (TCPA), a federal law designed to protect consumers – particularly wireless subscribers – from unsolicited marketing contacts. Statutory damages run $500 per call or text message, rising to as much as $1,500 per violation when the violation is willful or knowing, and a number of well-known firms have faced multi-million dollar settlements in recent years.

Our DOTS GeoPhone Plus service is designed to help support TCPA compliance for your phone contact records. First, it returns the subscriber’s name, so you can check it against your contact records. Second, it tells you what type of line it is (landline, wireless, VoIP) and, if the number has been ported, the date of porting. This matters because if a wireless number is reassigned from your contact to someone else, you only have a 14-day “safe harbor” under TCPA to stop sending messages to the new owner. One caveat: a port means the number moved between carriers, which does not by itself prove a change of subscriber, so treat the porting date as a signal to re-check the subscriber name rather than as proof of reassignment. Finally, the service provides other useful information such as SMS/MMS capability and SIC codes for business numbers.

GDPR

If you have marketing or business contacts with residents of the European Union, these now fall under the General Data Protection Regulation (GDPR), the strict data privacy law that took effect in May 2018. Its rules cover areas including establishing a lawful basis for processing (for marketing, typically explicit opt-in consent), giving individuals control over the use of their personal data, and restricting unsolicited marketing. Penalties for non-compliance can range as high as 20 million euros or 4% of annual global turnover, whichever is greater.

Our global address validation tools can help you maintain GDPR compliance by flagging contacts who reside in Europe. They also support the accuracy principle of GDPR Article 5 by producing a Certificate of Accuracy (COA) for each of your contact records, giving you evidence to hand to auditors if compliance questions arise. We also offer a free GDPR data assessment on request.

CAN-SPAM

The US CAN-SPAM Act regulates commercial email, with penalties ranging up to $42,530 per email. Unlike GDPR, it does not require prior opt-in, but it does prohibit mailing to harvested addresses, using deceptive headers or subject lines, and ignoring opt-out requests. CAN-SPAM compliance therefore starts with your business processes: honoring unsubscribe requests promptly, identifying messages as advertising, and, as a best practice, ensuring that your contact email addresses have opted in to receive commercial email from you. Our DOTS Email Validation service can enhance your email marketing efforts and protect your sender reputation by ensuring these addresses are legitimate, as well as flagging potential spammers, fraudulent email addresses, spam traps and honeypots, and much more.

Building an infrastructure for compliance

With a tip of the hat to Merriam-Webster, compliance is about much more nowadays than bowing and curtsying to the king. In fact, it is about more than simply complying with regulations: it is also about having the infrastructure to prove compliance and back it up with data. This is one area where an ounce of prevention is worth a pound of cure: real-time tools to validate your contacts and procedures, plus the records those tools produce, prepare you for future compliance questions or audits.

Accurate Contact Data and Compliance

If you are a data professional, the word “compliance” has become a bigger part of your vocabulary than ever lately. Data privacy laws have proliferated in recent years, risks and potential penalties for violations have increased, and customers and prospects are more aware of their rights than ever.

These laws all have one thing in common: the need for accurate contact data. In this article, I would like to give you an overview of why validating your contact data assets, at the time of data entry and prior to contact campaigns, is the single most important best practice you can implement to mitigate these compliance risks. Let’s look at three of the biggest compliance areas today:

1. Marketing permission

We are increasingly part of an opt-in world, where unwanted marketing contact is often heavily penalized. The wrong email address can run afoul of the CAN-SPAM Act, bad contact data can violate the strict opt-in provisions of GDPR, and texting to a cell phone that has changed hands violates the US Telephone Consumer Protection Act (TCPA).

Few companies intentionally set out to violate laws like these. Instead, violations often occur organically as a result of data quality issues. Bad data comes into your system at the point of entry, contact data changes over time, and existing contacts change roles. Avoiding these preventable risks is one reason why a proactive approach for having clean contact data is central.

2. Breach notification

Something goes wrong. Your customers’ data falls into the wrong hands. How quickly could you notify each of these customers about what happened?

In the aftermath of recent data privacy laws, ranging from the European Union’s GDPR regulation to the Federal HIPAA act for electronic health care data, breach notification has become a key compliance concern for data professionals worldwide. According to this article, such data breaches represent one of the most likely sources of legal exposure, from both individuals and data protection authorities. And breaches themselves have proliferated to the extent that one source even features an “incident of the week.”

This is one area where accuracy AND responsiveness matter from a compliance standpoint. Accuracy matters because stale or wrong contact data means affected individuals are never notified, which is itself a compliance failure that creates liability. Responsiveness matters because speed of response is increasingly a matter of law: for example, GDPR requires businesses to communicate a breach that is likely to result in high risk to affected data subjects “without undue delay.” Both requirements depend on rapid access to accurate, up-to-date contact data.

3. Communications with customers

This article from Forbes Magazine points out that an effective data privacy framework starts with a dialogue with your customers. Building trust – and preventing regulatory complaints – requires having accurate channels for communicating your policies and responding to customer feedback.

Mitigating your compliance risks

Accurate contact data plays an essential role in compliance. Data privacy regulations have proliferated around the globe, and hundreds of such regulations exist today. However, achieving compliance is just the start: to be competitive nowadays, data quality and transparent communication channels need to become part of your brand to customers and prospects.

Our data quality solutions help you meet these challenges. We ensure your business has the most genuine, accurate and up-to-date data for your customers, giving you the ability to communicate with your contacts when it matters most. When compliance questions come up or audits happen, be sure your organization is prepared.

GDPR: One Year Later

May 25, 2019 marks the one-year anniversary of the implementation of GDPR: the European Union’s General Data Protection Regulation, a sweeping data privacy law replacing the earlier Data Protection Directive and the patchwork of national laws that implemented it.

GDPR has been a hot topic for anyone involved with data who does business in Europe, and the entire industry has been watching its rollout with interest. So where do things stand one year down the road? Here are some trends we’ve been seeing in the press:

One quick win: breach notification. There is a clear consensus among industry observers that the volume of breach notifications was the single biggest immediate change following the implementation of GDPR.

In the aftermath of clear, EU-wide rules for self-reporting data breaches, such notifications have increased substantially over the past year, with nearly 60,000 breaches reported in the EU over the first eight months of GDPR. Speaking in a recent Slate article, the UK Information Commissioner’s Office’s Steve Eckersley notes that in his country alone breach notifications are predicted to nearly double, from 18,000–20,000 in 2018 to around 36,000 in 2019.

Compliance – and enforcement – have ramped up slowly. One of the biggest storylines of 2018 in the data industry was how companies struggled to meet this law’s compliance deadlines. 2019 finds these efforts still ramping up: at a recent meeting of the International Association of Privacy Professionals, it was estimated that 50% of covered firms are still in the process of GDPR compliance, a process that may continue for a couple of more years overall.

GDPR was also noted for its potential to levy stiff penalties on companies that did not protect consumer data, ranging up to 4% of annual global turnover. However, enforcement has proceeded cautiously to date. Of the roughly 56 million euros in fines levied for GDPR violations over its first nine months, nearly 90% of the total was a single 50 million euro fine against Google by the French regulator CNIL, and most other fines have been small. Some analysts nonetheless expect enforcement against small and medium-sized firms to increase in the future.

GDPR is part of a movement. Perhaps the biggest impact of GDPR over the past year lies outside the EU, where new data privacy laws influenced by GDPR are now being proposed in numerous countries worldwide. Here in the United States, new data privacy requirements are coming online in California in 2020, and US Senator Marco Rubio has recently proposed a federal data privacy standard similar to GDPR – and according to DestinationCRM, the latter may in fact be a welcome development for firms compared with the potential need for managing disparate state mandates.

Beyond compliance and enforcement issues, many analysts continue to feel that data privacy initiatives such as GDPR are also fundamentally changing the dialogue between businesses and their customers, creating relationships that are built more on trust and transparency. A year into the implementation of GDPR, it is still a very exciting time to be in the data quality business.

How we can help

If you do business in Europe – or have customers there – GDPR affects you too. In particular, you need to know what countries each of your customers or prospects are based in, to get started with your own compliance efforts.

Visit our GDPR solutions page for an informative solutions sheet and whitepaper report on GDPR compliance, together with details on capabilities such as our DOTS Address Detective – International product – a real-time service that employs fuzzy logic to correct or append country information for compliance purposes. Want to learn more? Contact our friendly technical team to discuss your specific GDPR compliance needs.