
Accurate Contact Data and Compliance

If you are a data professional, the word “compliance” has become a bigger part of your vocabulary than ever lately. Data privacy laws have proliferated in recent years, risks and potential penalties for violations have increased, and customers and prospects are more aware of their rights than ever.

These laws all have one thing in common: the need for accurate contact data. In this article, I would like to give you an overview of why validating your contact data assets, at the time of data entry and prior to contact campaigns, is the single most important best practice you can implement to mitigate these compliance risks. Let’s look at three of the biggest compliance areas today:

1. Marketing permission

We are increasingly part of an opt-in world, where unwanted marketing contact is often heavily penalized. The wrong email address can run afoul of the CAN-SPAM Act, bad contact data can violate the strict opt-in provisions of GDPR, and texting to a cell phone that has changed hands violates the US Telephone Consumer Protection Act (TCPA).

Few companies intentionally set out to violate laws like these. Instead, violations often occur organically as a result of data quality issues. Bad data comes into your system at the point of entry, contact data changes over time, and existing contacts change roles. Avoiding these preventable risks is one reason why a proactive approach to keeping contact data clean is central.

2. Breach notification

Something goes wrong. Your customers’ data falls into the wrong hands. How quickly could you notify each of these customers about what happened?

In the aftermath of recent data privacy laws, ranging from the European Union’s GDPR to the federal HIPAA law for electronic health care data, breach notification has become a key compliance concern for data professionals worldwide. According to this article, such data breaches represent one of the most likely sources of legal exposure, from both individuals and data protection authorities. And breaches themselves have proliferated to the extent that one source even features an “incident of the week.”

This is one area where accuracy AND responsiveness matter from a compliance standpoint. In the former case, risks include failure to notify affected individuals as well as liability for being out of compliance. In the latter case, speed of response is increasingly becoming a matter of law: for example, GDPR requires businesses to “communicate high-risk breaches to affected data subjects without undue delay.” Both cases require rapid access to accurate, up-to-date contact data.

3. Communications with customers

This article from Forbes Magazine points out that an effective data privacy framework starts with a dialogue with your customers. Building trust – and preventing regulatory complaints – requires having accurate channels for communicating your policies and responding to customer feedback.

Mitigating your compliance risks

Having accurate contact data plays an essential role in compliance. Data privacy regulations have proliferated around the globe, and hundreds of regulations exist today. However, achieving compliance is just the start; to be competitive nowadays, accurate data and transparent communications channels need to become part of your brand to customers and prospects.

Our data quality solutions help you meet these challenges. We ensure your business has the most genuine, accurate and up-to-date data for your customers, giving you the ability to communicate with your contacts when it matters most. When compliance questions come up or audits happen, be sure your organization is prepared.

GDPR: One Year Later

May 25, 2019 marks the one-year anniversary of the implementation of GDPR: the European Union’s General Data Protection Regulation, a sweeping set of data privacy laws replacing a patchwork of regulations from individual European countries.

GDPR has been a hot topic for anyone involved with data who does business in Europe, and the entire industry has been watching its rollout with interest. So where do things stand one year down the road? Here are some trends we’ve been seeing in the press:

One quick win: breach notification. There is a clear consensus among industry observers that the volume of breach notifications was the single biggest immediate change following the implementation of GDPR.

In the aftermath of clear, EU-wide regulations for self-reporting data privacy breaches, such notifications have increased substantially over the past year, with nearly 60,000 breaches reported in the EU over the first eight months of GDPR. Speaking in a recent Slate article, the UK’s Steven Eckersley notes that in his country alone breach notifications are predicted to nearly double from 18-20,000 in 2018 to around 36,000 in 2019.

Compliance – and enforcement – have ramped up slowly. One of the biggest storylines of 2018 in the data industry was how companies struggled to meet this law’s compliance deadlines. 2019 finds these efforts still ramping up: at a recent meeting of the International Association of Privacy Professionals, it was estimated that 50% of covered firms are still in the process of GDPR compliance, a process that may continue for a couple more years overall.

GDPR was also noted for its potential to levy stiff penalties on companies that did not protect consumer data, ranging up to 4% of annual turnover. However, enforcement efforts have proceeded cautiously to date. Of the roughly 56 million Euros in fines levied against firms for GDPR violations over its first nine months, nearly 90% of this sum was a single 50 million Euro fine against Google, with a majority of fines to date being small ones. However, some analysts expect enforcement efforts towards small- and medium-sized firms to increase in the future.

GDPR is part of a movement. Perhaps the biggest impact of GDPR over the past year lies outside the EU, where new data privacy laws influenced by GDPR are now being proposed in numerous countries worldwide. Here in the United States, new data privacy requirements are coming online in California in 2020, and US Senator Marco Rubio has recently proposed a federal data privacy standard similar to GDPR – and according to DestinationCRM, the latter may in fact be a welcome development for firms compared with the potential need for managing disparate state mandates.

Beyond compliance and enforcement issues, many analysts continue to feel that data privacy initiatives such as GDPR are also fundamentally changing the dialogue between businesses and their customers, creating relationships that are built more on trust and transparency. A year into the implementation of GDPR, it is still a very exciting time to be in the data quality business.

How we can help

If you do business in Europe – or have customers there – GDPR affects you too. In particular, you need to know which country each of your customers or prospects is based in, to get started with your own compliance efforts.

Visit our GDPR solutions page for an informative solutions sheet and whitepaper report on GDPR compliance, together with details on capabilities such as our DOTS Address Detective – International product – a real-time service that employs fuzzy logic to correct or append country information for compliance purposes. Want to learn more? Contact our friendly technical team to discuss your specific GDPR compliance needs.