Posts Tagged ‘GDPR’

Marketing Strategies for the New Digital Privacy Era

In a world of big data, information for sale, and people oversharing on social media, this past decade has lulled many marketers into believing in a post-privacy era of virtually unfettered access to consumer and prospect data.

Even consumers themselves share this perception: according to an Accenture survey, 80% of consumers between the ages of 20 and 40 feel that total digital privacy is a thing of the past. But today this Wild West scenario is becoming increasingly regulated, with growing constraints on the acquisition and use of people’s personal data. Directives such as the European Union’s GDPR and ePrivacy regulations, along with other initiatives around the globe, are ushering in a new landscape of privacy protections.

Much has been written about how to comply with these new regulations and avoid penalties, on this blog and elsewhere. But this new environment is also a marketing opportunity for savvy organizations. Here, we examine some specific ways you can position yourself to grow in a changing world of privacy.

Leverage Data Quality With These Five Key Marketing Strategies

Be transparent. In their 2018 State of the Connected Customer survey, Salesforce.com found that 86% of customers would be more likely to trust companies with their information if they explain how it will provide them with a better experience.

Offer value. The Accenture survey mentioned above notes that over 60% of customers feel that getting relevant offers is more important than keeping their online activity private, with nearly half saying that they would not mind companies tracking their buying behavior if this led to more relevant offers.

Give customers what they want. According to European CRM firm SuperOffice, the post-GDPR world represents an opportunity to create segmented customer lists, through techniques such as separate website pop-ups for different areas of interest and content marketing via social media.

Look at the entire customer life cycle. Many firms offer a one-time free incentive, such as a report or webinar, in exchange for contact data and marketing permission. However, this can lead to fraudulent information being offered to get the goodie (we can help with that), or even a real but never-checked “wastebasket” email address. Instead, consider offering a regular stream of high-value information that keeps customers connected with your brand.

Change your perspective. This is perhaps the most important strategy of all: start looking at your customers as partners instead of prospects. Recent regulations are, at their root, a response to interruptive marketing strategies that revolve around bugging the many to sell to the few. Instead, focus on cultivating high-value client relationships with people who want products and services you offer.

More Consumer Privacy Can be a Good Thing

Whether businesses are ready or not, they are increasingly facing a world of marketing to smaller prospect lists of people who choose to hear from them for specific purposes, starting with Europe and spreading elsewhere. But this can be a good thing, and indeed a market opportunity. By changing your selling focus from a numbers game to one of deeper and mutually beneficial customer relationships, you can potentially gain more loyal customers and lower marketing expenses. In the process, this new era of consumer privacy could possibly end up being one of the best things that happen to your business.

Protecting your customers’ privacy and creating a mutually beneficial relationship starts with having the most genuine, accurate and up-to-date data for your contacts.  Download our white paper, Marketing with Bad Contact Data, to learn more about how quickly customer data ages and the impact on your business.

The Growing and Changing Role of the Chief Data Officer

Once upon a time data was just … data. Today it has become a strategic asset for most organizations, underpinning areas such as market analysis, strategic planning, product targeting and segmentation, and much more. The Economist goes so far as to declare data the world’s most valuable resource, much like oil was a century ago. As a result, organizations are increasingly making its oversight part of their executive suites.

Among C-level executives, the Chief Data Officer (CDO) is still the new kid on the block. As recently as 2012 NewVantage Partners found that only 12% of Fortune 1000 firms surveyed had a formal CDO role, while today this figure has risen to over 63%. And by 2019 this figure is expected to rise to 90%, according to this article from Visual Capitalist.

The Chief Data Officer of 2018: Rapid growth and role confusion

Figures from Visual Capitalist paint a striking picture of how quickly the CDO role has grown in larger organizations:

  • The vast majority (83%) have a tenure of less than three years.
  • Their budgets have increased by 23% in 2017 alone.
  • Their numbers in large organizations have increased from 15 in 2010 to over 4000 in 2017.

On the other hand, like any new function where management roles are scrambling to catch up with technology, the exact functions of a CDO are still evolving. Here are some enlightening statistics from the latest NewVantage survey:

  • Change agent or company man? Respondents are split on this, with roughly one-third believing that the CDO should be a change agent from the outside, and another third feeling that he or she should be a company veteran and insider who understands the culture.
  • Only 39.4% of companies view the CDO as having primary responsibility for data strategy and results. The rest point to other executive functions for this, with 23.9% even acknowledging no single point of accountability.
  • Respondents are evenly split 50/50 on the question of whether a CDO should sit on a company’s executive committee, with 22.6% believing this person must be a data scientist or technologist, and half as many (11.3%) feeling this person must have business line experience in generating revenue.
  • There is still a very clear split on how people see a CDO’s responsibilities, between either developing a company’s data and analytics strategy (44.4%), coordinating data initiatives (26.7%), or leading them (20%). However, over 90% believe that the CDO should play a leadership role in these initiatives.

Looking to the longer term, while 12.9% of people feel that the CDO’s role should be temporary or even unnecessary, trends seem to indicate otherwise – particularly in Europe, where the recently-implemented General Data Protection Regulation (GDPR) mandates the creation of a formal Data Protection Officer for all public sector firms, as well as private ones with significant responsibility for handling large-scale private or sensitive consumer data. And this mandate is backed up with potential fines as high as €10 million euros or 2 per cent of annual turnover.

The future of the CDO: From data quality to revenue?

Perhaps the most interesting trend to watch from here might be whether CDOs become entrusted with more revenue responsibility. Currently only 2.2% see this as their primary responsibility, according to NewVantage CEO Randy Bean in Forbes. But analogous to how customer support has evolved from being the “complaint department” to becoming the strategic voice of the customer, particularly in the CRM era, we share a growing view that the strategic and revenue roles of managing data will continue to increase. Today’s CDO may focus on policies, procedures and data quality, while tomorrow’s may also be tasked with mining more profitability from these assets.

In the meantime, data has clearly found its way into the executive suite. Every indication so far is that it is here to stay. And for us at Service Objects, it has been a very exciting time indeed to be in the data quality business.

 

The EU-U.S. Privacy Shield Framework: What It Means for You

In previous blogs, we have talked about what you can do to comply with modern data privacy standards, such as the European Union’s GDPR regulations. Today, we’re going to share what we have done lately about meeting privacy standards – and how this will benefit you.

We are proud to announce that Service Objects has been jointly certified by the European Union and the U.S. Department of Commerce under the new EU-U.S. Privacy Shield Framework. We have aligned our own privacy policies to meet the requirements of this Framework, and recently achieved self-certification in the summer of 2018. In the process, we are now meeting the highest standards for the collection, use and retention of personal information for ALL of our clients worldwide.

Understanding the Privacy Shield Framework

So what is the Privacy Shield Framework? In a nutshell, it requires businesses to comply with EU data protection requirements when transferring personal data from the EU to the United States during transatlantic commerce. Here are some of its key principles:

Notice. This includes disclosure about what kinds of personal information are collected about individuals, the purposes for which it is collected and used, the identities of parties to whom information is being disclosed and why, the rights of the individual to access personal data you may hold on file, and access to an approved independent dispute resolution body for privacy complaints.

Choice. Individuals must be offered the choice to opt-out of data being disclosed to third parties or subsequently used for other than its original intended purpose. In the case of sensitive personal information, ranging from medical information to religious or political beliefs, affirmative express consent must be obtained prior to such use or disclosure.

Accountability for onward transfer. Data can only be transferred to third parties for limited and specified purposes, and only after ensuring that these third parties will provide the same level of privacy protection.

Security. Organizations must take reasonable and appropriate measures to protect data from issues such as loss, misuse, or unauthorized access or disclosure.

Data integrity. Steps must be taken to ensure that personal data is accurate, complete, current and reliable for its intended use.

Access. Individuals must have the ability to access their personal data and correct, amend or delete it where appropriate, except in cases where the costs or impact on the rights of others are prohibitive.

Recourse. A key principle of the Framework is access to approved third-party recourse mechanisms for complaints regarding data privacy issues, including binding arbitration on request.

So, what is the benefit of our participation in the Framework? These guidelines provide a level of security and safety for the data we collect about you, as well as data we process on your behalf. This is particularly important if you work with clients in the European Union, but also represents an important set of safeguards for the data of all of your clients. You can view our revised data privacy practices right here.

Data privacy has evolved quickly from being a lofty goal to having specific, measurable best practices in recent years. The EU-U.S. Privacy Shield Framework represents another step toward creating global standards and certifications in this area, and we are proud to be a part of it.

Where in the World? – DOTS Address Detective International

DOTS Address Detective International is our latest addition to our international suite of products. The new service attempts to append a country to a lead or contact record that either doesn’t have one or helps identify that an incorrect country was connected to the record.

The service can use any combination of Address, Phone, IP Address and Email to determine the best country for the location of the input data. These components are examined individually to determine a best country or perhaps multiple potential countries and then cross-examined with each other to determine the overall best fit. This is not a simple undertaking as data is not always clean and often the result may be unexpected. However, given a few inputs, Service Objects can reliably append a country to most leads or tell you why it can’t be done. We can also help companies determine when their own methods for determining the country have failed.

Challenges for Detecting Country

There are many challenges around properly determining the country from a set of data. While we can predict a country from just one input, these challenges show why it’s important to try to validate with as many inputs as possible. Think you can tell a country by address alone? Take our short, fun Country Quiz to get a sense of how difficult this can be.

Addresses around the world have wildly inconsistent formats. The paradigm of address, city, state, zip does not apply to many countries. In addition, databases, CRMs and marketing automation platforms where user data is stored, do not always conform well to the country of the user. So, data can be jumbled around, missing or even in another language.

Phone numbers present a whole different challenge. Phone numbers are often user submitted and could potentially include access codes or call-out codes. International users may or may not include a country code and without that, it is only possible to guess at the true country based on length or format.

IP addresses are often the cleanest way to detect country but aren’t always collected or may not be the true owner’s IP, especially if it was collected from a list or secondary source. A user using a company VPN, proxy or even using a service that makes the IP anonymous can lead to false positives.

Email addresses can be the most misleading of all, since the location of the user and the mail server that host their messages may be in very different areas, especially for common domains.

Why do you need to determine the Country?

There are many reasons knowing the country of your contacts might be a necessity. Here are just a few:

Marketing. Here at Service Objects, we ask for some basic details on our registration forms before new users get started. Like many other companies, our marketing team does not want to ask for too many details, they call this signup friction. The more data fields you ask for, the more likely a prospect will move on. By detecting country, we can eliminate one more field from the form and lessen signup friction. Until recently, we have been primarily focused on companies in USA and Canada, so our in-house marketing database rarely has the contact record’s country attached to it. When it does, the contact’s country is determined by the sales team on the fly, a judgment call that can be time-consuming and error-prone, as we quickly discovered when using the service on our in-house contact records. Enterprise level companies will find this process even more challenging.

Even if your company collects country, most likely its going to be user-generated, which potentially leads to even more problems. For example, one of our colleagues admits that when he fills out a web form and country is required, he will often choose Albania as the country simply because it appears first on the list.

Cost Savings. Maybe you have an old list of contact records or a CRM full of contacts where the country was never provided and want to validate them for accuracy. Many validation services require country as an input or at the very least, have to perform a more expensive validation because the country is missing or inaccurate. Our service reliably and affordably can append the country before performing more comprehensive validations.

Compliance. The newest challenge comes from the European Union’s General Data Protection Regulation (GDPR), which regulates how companies protect EU citizen’s personal data. Companies need to know if their contacts reside in any of the EU countries covered by GDPR or risk non-compliance and heavy penalties for violations. Service Objects is dedicated to helping companies mitigate these risks by helping identify EU contact records and leads, especially those that are either missing the country or were not accurately obtained. The service will include flags identifying leads that are likely to be in the European Union or have data points within it.

We will also expand the offering to include new areas of interest as well as they form. Countries like Japan, Australia and Brazil are all moving down the path of having similar regulations and our service will assist in identifying those records as well. Used in conjunction with a service like DOTS Lead Validation International, whose purpose it is to validate the authenticity of users around the world, gives the best edge for solving GDPR and data-protection related problems.

Test Drive Address Detective International

So how do you use Address Detective International to detect your contact records’ country? Start with a complimentary API key or send us a list for batch processing. If you would like to discuss in more detail, please contact us, we love talking about data validation!

International Lead Validation and GDPR – A Perfect Match

Late in 2017, Service Objects released a new service, DOTS Lead Validation International, which is helping companies validate their residential and business leads from around the world. Lead Validation International is built on our core foundation of data validation tools and uses the best of ten of Service Objects strongest contact record validation services, providing the unparalleled ability to validate and correct leads from around the globe.  Below is a list of some of the services that Lead Validation International relies on:

DOTS services used with Lead Validation International

Address Validation - InternationalGeoPhone Plus
Address Validation - USPhone Append
Address Validation - CanadaEmail Validation
Address DetectiveIP Address Validation
Name ValidationProprietary internal services

6 Key Components of Lead Validation

Our Lead Validation International service looks at six key components: name, business, email, IP Address, mailing address and phone, performing hundreds of tests to validate the authenticity of each of these individual components, as well as, their connection with each other. A built-in scoring system provides quality scores for each of the individual components and provides a weighted overall quality of the lead based on the results from the components. In addition, a verbose notation system provides insight into how the individual scores were achieved, highlighting interesting data points both good and bad for each component.

Recently, we introduced a set of fields called InformationComponents, which allows for the seamless addition of new content and provides flexibility for our team to work with clients on custom solutions without interrupting the service for other clients. Another example of our continued commitment to improve and evolve our Lead Validation International service is helping our customers evaluate their risk with regards to the European Union’s General Data Protection Regulation (GDPR).

Meeting the GDPR Needs of our Customers

Using Lead Validation International, customers can identify potential risks with regards to the new GDPR, which went into effect in most European Union (EU) countries on May 25th, 2018. These new regulations, designed to protect the personal data of users within the EU, put a great burden on companies and require them to know if their leads are physically located in the EU, as well as, making sure the contact record data is authentic and up-to-date as possible.

So how does Lead Validation International help? In addition to the primary goal of determining the authenticity of a lead and its data points, Lead Validation International is now using geolocation to help identify the physical location of a lead and the various regulatory laws and restrictions that impact that location. The potential for GDPR risk is determined by examining the individual components; Address, IP Address and Phone number of each lead, as well as the overall lead, and determining if the lead resides in a country that observes the GDPR. If a component is found to be associated with the GDPR group, it is given a note: “IsInGDPR”. From here, an analysis of all components is automatically performed to determine if an additional note of “IsInGDPR” should be assigned to the overall notes of the lead.

Companies can use these data points to help assess their risks with any given lead. As of today, Lead Validation International only tracks GDPR risk. However, as new privacy laws and regulations come out, this feature of Lead Validation International will be extended to take these new laws into account and address the needs of our customers.

Check out the power of DOTS Lead Validation International!

data privacy laws

A New Data Privacy Challenge for Europe – and Beyond

New privacy regulations in Europe have recently become a very hot topic again within the business community. And no, we aren’t talking about the recent GDPR law.

A new privacy initiative, known as the ePrivacy Regulation, deals with electronic communications. Technically a revision to the EU’s existing ePrivacy Directive or “cookie law,” and pending review by the European Union’s member states, it could go into effect as early as this year. And according the New York Times, it is facing strong opposition from many technology giants including Google, Facebook, Microsoft and others.

Data privacy meets the app generation

Among other things, the new ePrivacy Regulation requires explicit permission from consumers for applications to use tracking codes or collect data about their private communications, particularly through messaging services such as Skype, iMessage, games and dating apps.  Companies will have to disclose up front how they plan to use this personal data, and perhaps more importantly, must offer the same access to services whether permission is granted or not.

Ironically this new law will also remove the previous directive’s need for the incessant “cookie notices” consumers now receive, by using browser tracking settings, while tightening the use of private data. This will be a mixed blessing for online services, because a simple default browser setting can now lock out the use of tracking cookies that many consumers routinely approved under the old pop-up notices. As part of its opposition to these new rules, trade groups are painting a picture of slashed revenues, fewer free services and curbs on innovation for trends such as the Internet of Things (IoT).

A longstanding saying about online services is that “when something is free, you are the product,” and this new initiative is one of the more visible efforts for consumers to push back and take control of the use of their information. And Europe isn’t alone in this kind of initiative – for example, the new California Consumer Privacy Act, slated for the late 2018 ballot, will also require companies to provide clear opt-out instructions for consumers who do not wish their data to be shared or sold.

The future: more than just European privacy laws

So what does this mean for you and your business? No one can precisely foretell the future of these regulations and others, but the trend over time is clear: consumer privacy legislation will continue to get tighter and tighter. And the days of unfettered access to the personal data of your customers and prospects are increasingly coming to an end. This means that data quality standards will continue to loom larger than ever for businesses, ranging from stricter process controls to maintaining accurate consumer contact information.

We frankly have always seen this trend as an opportunity. As with GDPR, regulations such as these have sprung from past excesses the lie at the intersection of interruptive marketing, big data and the loss of consumer privacy. Consumers are tired of endless spam and corporations knowing their every move, and legislators are responding. But more important, we believe these moves will ultimately lead businesses to offer more value and authenticity to their customers in return for a marketing relationship.

Around the World with Data Privacy Laws

If you work with data, you have certainly heard by now about GDPR: the new European Union laws surrounding consumer data privacy that went into effect May 25, 2018. But how about PIPEDA, NDB, APPI, CCPA, and SHIELD?

These acronyms represent data privacy regulations in other countries (in these cases for Canada, Australia, Japan, California and New York respectively). Many are new or recently expanded, and all are examples of how your legal responsibilities to customers don’t stop with GDPR. More importantly, they represent an opportunity for you and your business to use data quality and 21st century marketing practices to differentiate yourself from your competition.

Data Protection and Privacy Laws Are Becoming Increasingly Popular

Let’s discuss some of these new regulations. According to authentication vendor Auth0, there are a wide range of reasons for their recent proliferation. First, the rollout of GDPR has implications for other countries, including whether their personal data can flow into the EU – meaning that their data quality and protection regulations must align sufficiently with EU rules to be “whitelisted” by them. New laws now being adopted by other countries address issues such as breach notification, the use of genetic and biometric data, and the rights of individuals to stop their data from being sold.

Moreover, data privacy and security doesn’t stop with Europe and GDPR. Other countries are now starting to explore the rights of consumers in this new era of online information gathering and big data. For example, Japan and other countries now have additional regulations surrounding the use of personal information codes to identify data records, and there is increasing scrutiny on personal data that is gathered through means such as social media.

Contact Data Plays a Key Role in Compliance

Now, let’s talk about your contact data. It often isn’t ready for global data regulations, through actions such as not gathering country information at the point of data entry, or having onerous location data entry requirements (like putting “United States” at the end of a long pull-down menu of countries) that encourage false responses. Worse, existing contact data often has serious information gaps or incorrect information, and it goes bad very quickly: for example, nearly 20% of phone numbers and 35% of email addresses change every year.

Finally, let’s talk about you. In the face of a growing list of data privacy and security regulations, your job isn’t just to become GDPR-compliant. It is to build and maintain a best-practices approach to data quality, which in turn keeps you up to date with both today’s consumer data laws and tomorrow’s.

Data Quality Best Practices Are a Competitive Differentiator

Taking a step back from this flood of new regulations, we would also suggest that an ideal goal isn’t just compliance – it is to leverage today’s data quality environment as a competitive opportunity. Why do these new laws exist? Because of consumer demand. People are tired of interruptive broad-brush marketing, invasive spam, and unwanted telemarketing. When you build your own marketing strategy around better targeting, curated customer relationships, and respect for the consumer, your focus can shift from avoiding penalties to growing your brand and market share faster.

We can help with both of these objectives. For starters, we now offer our Country Detective service, which can process up to 500 contact records and append correct countries to them to help guide your compliance efforts. And for the longer term we offer a free Global Data Assessment, where our team will consult with you at no charge about strategies for data quality in today’s new regulatory and market environment. Interested? Contact us to get the ball rolling, and take the next step in your global market growth.

The GDPR is the dawn of a new era in customer relationships, providing new opportunities for business growth and marketing success as companies move away from interruptive marketing towards collaborative – and ultimately more profitable – relationships.

What Role Does Contact Data Quality Play in GDPR Compliance?

If you do business in Europe, you are probably quite familiar by now with the acronym GDPR – the European Union’s General Data Protection Regulation. In May 2018, companies that handle personal information from European consumers will be required to follow strict new regulations for privacy, data security, and accuracy of personal data from EU citizens.

Many organizations are focused on avoiding the stiff penalties associated with GDPR violations. I have a different view. To me, the GDPR is an opportunity for business growth and marketing success as a result of the fundamental decisions you make about your data quality.

Let’s start with Article 5 of the GDPR, which will be one of the most critical compliance areas for most organizations. It requires you to make a good faith, best practice effort to correct or expunge errors in your contact database, along with ensuring data security and appropriate usage. You will need to be able to document these efforts to avoid penalties.

This Article responds to a norm among some organizations that a certain amount of bad contact data is an unavoidable cost of doing business – and in fact, according to SiriusDecisions, as many as 25% of marketing contact records currently contain critical errors. So what if Hans in Frankfurt or Liv in Stockholm gets a little extra junk mail because someone else lived at that address years ago?

To me, Article 5 of the GDPR forces you to care about something you should care about anyway – protecting your customers from unwanted marketing contacts. In addition, these unwanted or erroneous contacts are a serious drag on your marketing expenses and a waste of resources for the environment. Now that inexpensive API and list processing tools can validate addresses, lead quality and much more, it has long been past time for most organizations to put data quality on autopilot.

I feel that a similar nexus exists for much of the rest of the GDPR. For example, it has strict opt-in requirements that prevent you from “defaulting” a customer on to your marketing contact list, and you must make it simple for customers to modify their information or even be “forgotten” if they wish. Some may see rules like these as an onerous intrusion on their marketing process. I personally see it as the dawn of a new era in customer relationships, away from interruptive marketing and towards more collaborative – and ultimately more profitable – relationships.

So, go ahead and join the rush to become GDPR compliant by May. But in the process, take advantage of this time to re-think your data quality and marketing strategies for the long term. I think you’ll find that a new and much more effective business strategy lies in your future.

Recognizing the vital role contact data quality plays in GDPR compliance, Service Objects is offering affected businesses a free data quality assessment.

Free Data Quality Assessment Helps Businesses Gauge GDPR Compliance Ahead of May Deadline

As the May 25, 2018, deadline looms, Service Objects, the leading provider of real-time global contact validation solutions, is offering a GDPR Data Quality Assessment to help companies evaluate their if they are prepared for the new set of privacy rules and regulations.

“Our goal is to help you get a better understanding of the role your client data plays in GDPR compliance,” says Geoff Grow, CEO and Founder, Service Objects. “With our free GDPR Data Quality Assessment, companies will receive an honest, third-party analysis of the accuracy of their contact records and customer database.”

Under the GDPR, personal data includes any information related to a natural person or ‘Data Subject’ that can be used to identify the person directly or indirectly. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Even if an organization is not based in the EU, it may still need to observe the rules and regulations of GDPR. That’s because the GDPR not only applies to businesses located in the EU but to any companies offering goods or services within the European Union. In addition, if a business monitors the behavior of any EU data subjects, including the processing and holding of personal data, the GDPR applies.

Recognizing the vital role contact data quality plays in GDPR compliance, Service Objects decided to offer a free data quality assessment to help those industries affected by the regulation measure the accuracy of their contact records and prepare for the May 2018 deadline.

The evaluation will include an analysis of up to 500 records, testing for accuracy across a set of inputs including name, phone, address, email, IP, and country. After the assessment is complete, a composite score will be provided, giving businesses an understanding of the how close they are to being compliant with GDPR’s Article 5.

Article 5 of the GDPR requires organizations collecting and processing personal information of individuals within the European Union (EU) to ensuring all current and future customer information is accurate and up-to-date. Not adhering to the rules and regulations of the GDPR can result in a fine of up to 4% of annual global turnover or €20 Million (whichever is greater).

“To avoid the significant fines and penalties associated with the GDPR, businesses are required to make every effort to keep their contact data is accurate and up-to-date,” Grow added. “Service Objects’ data quality solutions enable global businesses to fulfill the regulatory requirements of Article 5 and establish a basis for data quality best practices as part of a broader operational strategy.”

 

For more information on how to get started with your free GDPR Data Quality Assessment, please visit our website today.

As the GDPR ushers in a new generation of consumer data privacy controls, the Facebook and Cambridge Analytica scandal proves businesses need to prepare.

Facebook, Data Quality, and the GDPR

With 2.1 billion active users, Facebook presents an exceptional opportunity for targeted marketing and businesses interested in harnessing the power of consumer data. In fact, there are now entire industries devoted to collecting and selling personally identifiable information. Unfortunately, the swift expansion of social media, with its tantalizing trove of consumer information, has left lawmakers playing catch up. However, that’s about to change, thanks, in part, to the scandal surrounding Facebook and Cambridge Analytica and its intersection with the General Data Protection Regulation (GDPR), an EU law governing data protection and privacy for all individuals within the European Union.

The GDPR Effect 

Though the GDPR will not take effect until May 25, 2018, if the breach of 50 million user account had happened while the law was in place, it would have resulted in a costly error for Facebook. As Austrian privacy campaigner and Facebook critic Max Schrems was quick to point out, had the unauthorized the sharing of profile data to Cambridge Analytica occurred while the GDPR was in effect, it “would have cost Facebook 4 percent of their global revenue”, somewhere in the ballpark of $1.6bn (€1.3bn).

But even before the Cambridge-Analytica story grabbed headlines, GDPR implementation was set to trigger significant changes to Facebook’s business operations. According to Reuters, Facebook faces a double-edged challenge: comply with the new GDPR rules and allow European users to opt out of targeted advertising, or violate the GDPR and face fines of up to 4% of the company’s annual revenue.  Considering 24% of Facebook’s ad revenue comes from EU users, either course of action represents a significant hit to profits for the company. And with global adoption of GDPR-type privacy protocols beginning to take hole around the world, Facebook and its social media cohorts will need to adapt to the changing consumer data landscape. 

A Global Movement

Though the EU primarily applies directly to data from EU citizens, it also controls the flow of personal data from within the EU to countries outside its borders. With US and UK legislation probable, this new era of data security means enormous changes in the way companies do business. As a result, international adoption of the GDPR’s privacy protocols is already taking hold around the world as counties begin to change their own data privacy rules. 

How Businesses Can Prepare

So how can business owners make sure they do not follow in Facebook’s footsteps? Companies entrusted with customer data must first acknowledge their responsibility in keeping that information secure. It is not enough to create a security protocol; organizations must also enforce and audit those policies. Robust and comprehensive quality analysis is also crucial, especially in light of the GDPR Article 5 mandate requiring the personal information of individuals within the European Union (EU) be current and accurate. Finally, the use of contact data, especially when it comes to combining information from different sources, should also be monitored. It is not enough to know your information is accurate; you must also make sure you are using it in the manner it was intended to be used, both legally and ethically.

The Benefits of Data Quality Best Practices

Though many businesses are still unprepared for the GDPR’s May 2018 deadline, it seems clear this latest scandal involving Facebook and Cambridge Analytica will spur many businesses into action.

The good news is implementing data quality best practices to comply with Article 5 makes good business sense. It will save organizations considerable money in the form of streamlined marketing and sales campaigns, improve overall customer service and reduce the waste associated with bad contact data.

Service Objects can help you get a better understanding of the role your customer data plays in becoming GDPR compliant. Send us up to 500 records (it is a 100% secure process) and we will provide you with an overall score of the quality of each record based on fields such as name, phone, address, email, IP, and country. Get started today.