Does your business have a data privacy policy in place?

If the answer is “not yet,” my next question is whether you do business with customers in California – because that state’s strict new consumer privacy laws take effect on January 1, 2020. The California Consumer Protection Act (CCPA), which particularly applies to larger firms as well as firms that sell personal consumer data, is part of a growing trend in consumer privacy legislation worldwide.

This article will take a look at why data privacy policies are not just a must for regulatory compliance, particularly with new legislation coming online, but also good business.

Why you need a data privacy policy

The latest wave of consumer privacy regulations is part of a global trend putting customers back in control of their data and giving them more of a say in efforts to market to them. One of the most public examples recently has been the European Union’s General Data Protection Regulation (GDPR): It has strict requirements for opting-in to marketing communications, allowing people to manage their marketing preferences, and even giving consumers the right to be digitally “forgotten” if requested. Backed by stiff fines that can total as much as 4% of annual turnover, it affects companies of any size that market to EU consumers.

According to a recent Capgemini report, laws such as these are proliferating worldwide, with regulations pending or in effect on every continent, and draft privacy legislation in the works for at least 10 US states. In addition, Washington state has even proposed its own GDPR-style legislation.

Sadly, companies are still behind the curve in adapting to this new landscape. Capgemini notes that less than a third of organizations were fully GDPR-compliant as of June 2019, with some market sectors such as insurance, telecom and government services falling below a 25% compliance rate. Closer to home, nearly a third of firms are claiming they will only be partially compliant with CCPA by its 2020 implementation. And in the latter case, these firms cite factors including legacy IT systems, unclear guidance and getting employees on board as major factors.

From a data quality standpoint, this means that having clean, validated contact data from a central source isn’t just nice to have – it is increasingly becoming a requirement. When a customer opts out at any touch point, for example, every stakeholder in your organization needs to know this. And the cost of bad or misdirected customer contact data now includes potential regulatory fines as well as increased business costs. This means that a data privacy policy, as part of a larger data governance framework, must replace silos of contact information and unclear boundaries for data quality responsibilities.

Why you want a data privacy policy

For years, we have been making the case that better control of data privacy – including a process for ensuring data quality at each phase of data acquisition and usage – makes good business sense, for reasons that go far beyond fear of compliance penalties. Here are just a few of the reasons why:

• Better customer engagement. When your marketing and customer communications are targeted to people who want to hear from you, and welcome your message, you are building an engaged community with better ROI compared with traditional “spray and pray” marketing.
• A single 360-degree view of the customer. The single customer view (SCV) movement has gained steam over the years, particularly with the growth of multi-channel support and marketing. Company-wide data privacy policies are a foundation for successful SCV implementations.
• Brand reputation. When you play “gotcha” by tricking consumers into opting in to marketing communications, don’t give them control over their preferences, or worse, market with dirty data, you not only run afoul of data privacy laws – you brand yourselves as pests in a world that likes interruptive marketing tactics less and less. A recent GlobalWebIndex article describes this as a “Data-Driven Trust Deficit” affecting your brand image.
• Improved performance. In perhaps the most important reason of all for data privacy, Capgemini notes that firms that are fully GDPR compliant have better revenue performance, customer satisfaction and even employee morale. Correlation isn’t necessarily causation, but there is a clear and quantifiable relationship between good data governance and better outcomes.

The rise of the new consumer

Most industry observers will say that data privacy policies are increasingly becoming a requirement, on the heels of a growing regulatory compliance burden for data managers. We would take this view a step further – these policies can also be a competitive differentiator and even a strategic foundation for revenue growth. Compliance is important – and growing in importance – but it is only part of the picture nowadays.

So don’t just react to the threat of compliance penalties – think through the advantages of an engaged community of prospects and customers. Then quantify these advantages and let them inform the development of your data protection, privacy and governance policies. The end result will be an organization that knows and interacts with its contacts much better than its competitors do.

If you are a marketing, order fulfillment or data manager, there are some things you don’t want to be greeted with when you come to work in the morning – and a surprising number of them revolve around issues with your contact data. For example:

• You’ve sent someone’s sensitive personal information to a similar but incorrect address that was fat-fingered during data entry, and it’s become a news story.
• 20% of your marketing budget was spent on direct mail pieces to people with names like “Mickey Mouse” and “SpongeBob SquarePants” who faked out your lead magnets to get free bonuses.
• You shipped several high-ticket items to a fraudster using fake contact information.
• You are facing a court order for violations of the Telephone Consumer Protection Act (TCPA), for unsolicited telemarketing to wireless phones that once belonged to your contacts but have now changed hands.

According to Gartner, the cost of bad data to US businesses is roughly $15 billion per year as of 2018, and UK site MyCustomer notes that bad customer data alone costs UK businesses 5.9% of annual revenue. But those are just aggregate numbers that often don’t mean anything to the average business. Here, let’s look at some of the real ground-level consequences of bad contact data.

Marketing inefficiency

According to this source, the average company spends $180,000 per year simply on direct mail that is misdelivered due to inaccurate data. Your cost per converted lead is directly impacted by the quality of your data, in a chain that runs through areas such as direct mail costs, list maintenance, human intervention, and the yield and ROI of your campaigns.

Reputational damage

Misdelivered packages. Service failures. Customer service issues. Problems like these are what, down in the trenches, create negative brand reputations that no amount of advertising or marketing can overcome – particularly in an era of social media, where your failings are always on display. Conversely, when people can count on you for quality in all of their interactions with you, it builds consumer trust and a good word-of-mouth reputation.

Compliance issues

This is one area where the cost of bad contact data becomes very real and tangible, as newer data privacy regulations have introduced serious penalties for compliance violations. For example, the European Union’s GDPR regulation includes potential fines of up to 4% of annual revenue, while the TCPA regulation mentioned above includes penalties of up to $1500 per individual violation, resulting in numerous multi-million dollar judgments against consumer firms nationwide. As a result, compliance issues alone have become a major reason for an increasing focus on data quality.

Pay now or pay later

One way to look at the impact of data quality on your business is what we call the “1-10-100” rule:

• Catching bad data at the time of data entry may cost one cent per entry
• Correcting bad data at the time of use may cost ten cents
• Managing the consequences of using bad data may cost a dollar – or more

Scaling this to an organizational level, a proactive approach to data hygiene is far and away the most cost-effective way to avoid the negative financial and reputational consequences of bad contact data.

This means having processes that encompass all of your contact data touch points, including marketing, shipping, customer service and more. In particular, it means ensuring clean contact data at both the time of data entry and the time of deployment, since data decays at a substantial rate every year.

Today this also means automating the process of contact data quality, by integrating tools such as address validation, email validation, lead and order validation directly into your marketing automation or CRM environment.

Want to learn more? Visit our solutions pages online, or download our free white paper Hitting the Data Trifecta: Three Secrets of Achieving Data Quality Excellence.

May 25, 2019 marks the one year anniversary of the implementation of GDPR: the European Union’s General Data Protection Regulation, a sweeping set of data privacy laws replacing a patchwork of regulations from individual European countries.

GDPR has been a hot topic for anyone involved with data who does business in Europe, and the entire industry has been watching its rollout with interest. So where do things stand one year down the road? Here are some trends we’ve been seeing in the press:

One quick win: breach notification. There is a clear consensus among industry observers that the volume of breach notifications was the single biggest immediate change following the implementation of GDPR.

In the aftermath of clear, EU-wide regulations for self-reporting data privacy breaches, such notifications have increased substantially over the past year, with nearly 60,000 breaches reported in the EU over the first eight months of GDPR. Speaking in a recent Slate article, the UK’s Steven Eckersley notes that in his country alone breach notifications are predicted to nearly double from 18-20,000 in 2018 to around 36,000 in 2019.

Compliance – and enforcement – have ramped up slowly. One of the biggest storylines of 2018 in the data industry was how companies struggled to meet this law’s compliance deadlines. 2019 finds these efforts still ramping up: at a recent meeting of the International Association of Privacy Professionals, it was estimated that 50% of covered firms are still in the process of GDPR compliance, a process that may continue for a couple of more years overall.

GDPR was also noted for its potential to levy stiff penalties on companies that did not protect consumer data, ranging up to 4% of annual turnover. However, enforcement efforts have proceeded cautiously to date. Of the roughly 56 million Euros in fines levied against firms for GDPR violations over its first nine months, nearly 90% of this sum was a single 50 million Euro fine against Google, with a majority of fines to date being small ones. However, some analysts expect enforcement efforts towards small- and medium-sized firms to increase in the future.

GDPR is part of a movement. Perhaps the biggest impact of GDPR over the past year lies outside the EU, where new data privacy laws influenced by GDPR are now being proposed in numerous countries worldwide. Here in the United States, new data privacy requirements are coming online in California in 2020, and US Senator Marco Rubio has recently proposed a federal data privacy standard similar to GDPR – and according to DestinationCRM, the latter may in fact be a welcome development for firms compared with the potential need for managing disparate state mandates.

Beyond compliance and enforcement issues, many analysts continue to feel that data privacy initiatives such as GDPR are also fundamentally changing the dialogue between businesses and their customers, creating relationships that are built more on trust and transparency. A year into the implementation of GDPR, it is still a very exciting time to be in the data quality business.

How we can help

If you do business in Europe – or have customers there – GDPR affects you too. In particular, you need to know what countries each of your customers or prospects are based in, to get started with your own compliance efforts.

Visit our GDPR solutions page for an informative solutions sheet and whitepaper report on GDPR compliance, together with details on capabilities such as our DOTS Address Detective – International product – a real-time service that employs fuzzy logic to correct or append country information for compliance purposes. Want to learn more? Contact our friendly technical team to discuss your specific GDPR compliance needs.

In a world of big data, information for sale, and people oversharing on social media, this past decade has lulled many marketers into believing in a post-privacy era of virtually unfettered access to consumer and prospect data.

Even consumers themselves share this perception: according to an Accenture survey, 80% of consumers between the ages of 20 and 40 feel that total digital privacy is a thing of the past. But today this Wild West scenario is becoming increasingly regulated, with growing constraints on the acquisition and use of people’s personal data. Directives such as the European Union’s GDPR and ePrivacy regulations, along with other initiatives around the globe, are ushering in a new landscape of privacy protections.

Much has been written about how to comply with these new regulations and avoid penalties, on this blog and elsewhere. But this new environment is also a marketing opportunity for savvy organizations. Here, we examine some specific ways you can position yourself to grow in a changing world of privacy.

Leverage data quality with these five key marketing strategies

Be transparent. In their 2018 State of the Connected Customer survey, Salesforce.com found that 86% of customers would be more likely to trust companies with their information if they explain how it will provide them with a better experience.

Offer value. The Accenture survey mentioned above notes that over 60% of customers feel that getting relevant offers is more important than keeping their online activity private, with nearly half saying that they would not mind companies tracking their buying behavior if this led to more relevant offers.

Give customers what they want. According to European CRM firm SuperOffice, the post-GDPR world represents an opportunity to create segmented customer lists, through techniques such as separate website pop-ups for different areas of interest and content marketing via social media.

Look at the entire customer life cycle. Many firms offer a one-time free incentive, such as a report or webinar, in exchange for contact data and marketing permission. However, this can lead to fraudulent information being offered to get the goodie (we can help with that), or even a real but never-checked “wastebasket” email address. Instead, consider offering a regular stream of high-value information that keeps customers connected with your brand.

Change your perspective. This is perhaps the most important strategy of all: start looking at your customers as partners instead of prospects. Recent regulations are, at their root, a response to interruptive marketing strategies that revolve around bugging the many to sell to the few. Instead, focus on cultivating high-value client relationships with people who want products and services you offer.

More consumer privacy can be a good thing

Whether businesses are ready or not, they are increasingly facing a world of marketing to smaller prospect lists of people who choose to hear from them for specific purposes, starting with Europe and spreading elsewhere. But this can be a good thing, and indeed a market opportunity. By changing your selling focus from a numbers game to one of deeper and mutually beneficial customer relationships, you can potentially gain more loyal customers and lower marketing expenses. In the process, this new era of consumer privacy could possibly end up being one of the best things that happen to your business.

Protecting your customers’ privacy and creating a mutually beneficial relationship starts with having the most genuine, accurate and up-to-date data for your contacts.  Download our white paper, Marketing with Bad Contact Data, to learn more about how quickly customer data ages and the impact on your business.

Once upon a time data was just … data. Today it has become a strategic asset for most organizations, underpinning areas such as market analysis, strategic planning, product targeting and segmentation, and much more. The Economist goes so far as to declare data the world’s most valuable resource, much like oil was a century ago. As a result, organizations are increasingly making its oversight part of their executive suites.

Among C-level executives, the Chief Data Officer (CDO) is still the new kid on the block. As recently as 2012 NewVantage Partners found that only 12% of Fortune 1000 firms surveyed had a formal CDO role, while today this figure has risen to over 63%. And by 2019 this figure is expected to rise to 90%, according to this article from Visual Capitalist.

The Chief Data Officer of 2018: Rapid growth and role confusion

Figures from Visual Capitalist paint a striking picture of how quickly the CDO role has grown in larger organizations:

• The vast majority (83%) have a tenure of less than three years.
• Their budgets have increased by 23% in 2017 alone.
• Their numbers in large organizations have increased from 15 in 2010 to over 4000 in 2017.

On the other hand, like any new function where management roles are scrambling to catch up with technology, the exact functions of a CDO are still evolving. Here are some enlightening statistics from the latest NewVantage survey:

• Change agent or company man? Respondents are split on this, with roughly one-third believing that the CDO should be a change agent from the outside, and another third feeling that he or she should be a company veteran and insider who understands the culture.
• Only 39.4% of companies view the CDO as having primary responsibility for data strategy and results. The rest point to other executive functions for this, with 23.9% even acknowledging no single point of accountability.
• Respondents are evenly split 50/50 on the question of whether a CDO should sit on a company’s executive committee, with 22.6% believing this person must be a data scientist or technologist, and half as many (11.3%) feeling this person must have business line experience in generating revenue.
• There is still a very clear split on how people see a CDO’s responsibilities, between either developing a company’s data and analytics strategy (44.4%), coordinating data initiatives (26.7%), or leading them (20%). However, over 90% believe that the CDO should play a leadership role in these initiatives.

Looking to the longer term, while 12.9% of people feel that the CDO’s role should be temporary or even unnecessary, trends seem to indicate otherwise – particularly in Europe, where the recently-implemented General Data Protection Regulation (GDPR) mandates the creation of a formal Data Protection Officer for all public sector firms, as well as private ones with significant responsibility for handling large-scale private or sensitive consumer data. And this mandate is backed up with potential fines as high as €10 million euros or 2 percent of annual turnover.

The future of the CDO: From data quality to revenue?

Perhaps the most interesting trend to watch from here might be whether CDOs become entrusted with more revenue responsibility. Currently, only 2.2% see this as their primary responsibility, according to NewVantage CEO Randy Bean in Forbes. But analogous to how customer support has evolved from being the “complaint department” to becoming the strategic voice of the customer, particularly in the CRM era, we share a growing view that the strategic and revenue roles of managing data will continue to increase. Today’s CDO may focus on policies, procedures and data quality, while tomorrow’s may also be tasked with mining more profitability from these assets.

In the meantime, data has clearly found its way into the executive suite. Every indication so far is that it is here to stay. And for us at Service Objects, it has been a very exciting time indeed to be in the data quality business.

In previous blogs, we have talked about what you can do to comply with modern data privacy standards, such as the European Union’s GDPR regulations. Today, we’re going to share what we have done lately about meeting privacy standards – and how this will benefit you.

We are proud to announce that Service Objects has been jointly certified by the European Union and the U.S. Department of Commerce under the new EU-U.S. Privacy Shield Framework. We have aligned our own privacy policies to meet the requirements of this Framework, and recently achieved self-certification in the summer of 2018. In the process, we are now meeting the highest standards for the collection, use and retention of personal information for ALL of our clients worldwide.

Understanding the Privacy Shield Framework

So what is the Privacy Shield Framework? In a nutshell, it requires businesses to comply with EU data protection requirements when transferring personal data from the EU to the United States during transatlantic commerce. Here are some of its key principles:

Notice. This includes disclosure about what kinds of personal information are collected about individuals, the purposes for which it is collected and used, the identities of parties to whom information is being disclosed and why, the rights of the individual to access personal data you may hold on file, and access to an approved independent dispute resolution body for privacy complaints.

Choice. Individuals must be offered the choice to opt-out of data being disclosed to third parties or subsequently used for other than its original intended purpose. In the case of sensitive personal information, ranging from medical information to religious or political beliefs, affirmative express consent must be obtained prior to such use or disclosure.

Accountability for onward transfer. Data can only be transferred to third parties for limited and specified purposes, and only after ensuring that these third parties will provide the same level of privacy protection.

Security. Organizations must take reasonable and appropriate measures to protect data from issues such as loss, misuse, or unauthorized access or disclosure.

Data integrity. Steps must be taken to ensure that personal data is accurate, complete, current and reliable for its intended use.

Access. Individuals must have the ability to access their personal data and correct, amend or delete it where appropriate, except in cases where the costs or impact on the rights of others are prohibitive.

Recourse. A key principle of the Framework is access to approved third-party recourse mechanisms for complaints regarding data privacy issues, including binding arbitration on request.

So, what is the benefit of our participation in the Framework? These guidelines provide a level of security and safety for the data we collect about you, as well as data we process on your behalf. This is particularly important if you work with clients in the European Union, but also represents an important set of safeguards for the data of all of your clients. You can view our revised data privacy practices right here.

Data privacy has evolved quickly from being a lofty goal to having specific, measurable best practices in recent years. The EU-U.S. Privacy Shield Framework represents another step toward creating global standards and certifications in this area, and we are proud to be a part of it.

DOTS Address Detective International is our latest addition to our international suite of products. The new service attempts to append a country to a lead or contact record that either doesn’t have one or helps identify that an incorrect country was connected to the record.

The service can use any combination of Address, Phone, IP Address and Email to determine the best country for the location of the input data. These components are examined individually to determine a best country or perhaps multiple potential countries and then cross-examined with each other to determine the overall best fit. This is not a simple undertaking as data is not always clean and often the result may be unexpected. However, given a few inputs, Service Objects can reliably append a country to most leads or tell you why it can’t be done. We can also help companies determine when their own methods for determining the country have failed.

Challenges for detecting country

There are many challenges around properly determining the country from a set of data. While we can predict a country from just one input, these challenges show why it’s important to try to validate with as many inputs as possible. Think you can tell a country by address alone? Take our short, fun Country Quiz to get a sense of how difficult this can be.

Addresses around the world have wildly inconsistent formats. The paradigm of address, city, state, zip does not apply to many countries. In addition, databases, CRMs and marketing automation platforms where user data is stored, do not always conform well to the country of the user. So, data can be jumbled around, missing or even in another language.

Phone numbers present a whole different challenge. Phone numbers are often user submitted and could potentially include access codes or call-out codes. International users may or may not include a country code and without that, it is only possible to guess at the true country based on length or format.

IP addresses are often the cleanest way to detect country but aren’t always collected or may not be the true owner’s IP, especially if it was collected from a list or secondary source. A user using a company VPN, proxy or even using a service that makes the IP anonymous can lead to false positives.

Email addresses can be the most misleading of all, since the location of the user and the mail server that host their messages may be in very different areas, especially for common domains.

Why do you need to determine the country?

There are many reasons knowing the country of your contacts might be a necessity. Here are just a few:

Marketing. Here at Service Objects, we ask for some basic details on our registration forms before new users get started. Like many other companies, our marketing team does not want to ask for too many details, they call this signup friction. The more data fields you ask for, the more likely a prospect will move on. By detecting country, we can eliminate one more field from the form and lessen signup friction. Until recently, we have been primarily focused on companies in USA and Canada, so our in-house marketing database rarely has the contact record’s country attached to it. When it does, the contact’s country is determined by the sales team on the fly, a judgment call that can be time-consuming and error-prone, as we quickly discovered when using the service on our in-house contact records. Enterprise level companies will find this process even more challenging.

Even if your company collects country, most likely its going to be user-generated, which potentially leads to even more problems. For example, one of our colleagues admits that when he fills out a web form and country is required, he will often choose Albania as the country simply because it appears first on the list.

Cost Savings. Maybe you have an old list of contact records or a CRM full of contacts where the country was never provided and want to validate them for accuracy. Many validation services require country as an input or at the very least, have to perform a more expensive validation because the country is missing or inaccurate. Our service reliably and affordably can append the country before performing more comprehensive validations.

Compliance. The newest challenge comes from the European Union’s General Data Protection Regulation (GDPR), which regulates how companies protect EU citizen’s personal data. Companies need to know if their contacts reside in any of the EU countries covered by GDPR or risk non-compliance and heavy penalties for violations. Service Objects is dedicated to helping companies mitigate these risks by helping identify EU contact records and leads, especially those that are either missing the country or were not accurately obtained. The service will include flags identifying leads that are likely to be in the European Union or have data points within it.

We will also expand the offering to include new areas of interest as well as they form. Countries like Japan, Australia and Brazil are all moving down the path of having similar regulations and our service will assist in identifying those records as well. Used in conjunction with a service like DOTS Lead Validation International, whose purpose it is to validate the authenticity of users around the world, gives the best edge for solving GDPR and data-protection related problems.

Test drive Address Detective International

So how do you use Address Detective International to detect your contact records’ country? Start with a complimentary API key or send us a list for batch processing. If you would like to discuss in more detail, please contact us, we love talking about data validation!

Late in 2017, Service Objects released a new service, DOTS Lead Validation International, which is helping companies validate their residential and business leads from around the world. Lead Validation International is built on our core foundation of data validation tools and uses the best of ten of Service Objects strongest contact record validation services, providing the unparalleled ability to validate and correct leads from around the globe.  Below is a list of some of the services that Lead Validation International relies on:

DOTS services used with Lead Validation International

6 key components of Lead Validation

Our Lead Validation International service looks at six key components: name, business, email, IP Address, mailing address and phone, performing hundreds of tests to validate the authenticity of each of these individual components, as well as, their connection with each other. A built-in scoring system provides quality scores for each of the individual components and provides a weighted overall quality of the lead based on the results from the components. In addition, a verbose notation system provides insight into how the individual scores were achieved, highlighting interesting data points both good and bad for each component.

Recently, we introduced a set of fields called InformationComponents, which allows for the seamless addition of new content and provides flexibility for our team to work with clients on custom solutions without interrupting the service for other clients. Another example of our continued commitment to improve and evolve our Lead Validation International service is helping our customers evaluate their risk with regards to the European Union’s General Data Protection Regulation (GDPR).

Meeting the GDPR needs of our customers

Using Lead Validation International, customers can identify potential risks with regards to the new GDPR, which went into effect in most European Union (EU) countries on May 25th, 2018. These new regulations, designed to protect the personal data of users within the EU, put a great burden on companies and require them to know if their leads are physically located in the EU, as well as, making sure the contact record data is authentic and up-to-date as possible.

So how does Lead Validation International help? In addition to the primary goal of determining the authenticity of a lead and its data points, Lead Validation International is now using geolocation to help identify the physical location of a lead and the various regulatory laws and restrictions that impact that location. The potential for GDPR risk is determined by examining the individual components; Address, IP Address and Phone number of each lead, as well as the overall lead, and determining if the lead resides in a country that observes the GDPR. If a component is found to be associated with the GDPR group, it is given a note: “IsInGDPR”. From here, an analysis of all components is automatically performed to determine if an additional note of “IsInGDPR” should be assigned to the overall notes of the lead.

Companies can use these data points to help assess their risks with any given lead. As of today, Lead Validation International only tracks GDPR risk. However, as new privacy laws and regulations come out, this feature of Lead Validation International will be extended to take these new laws into account and address the needs of our customers.

Check out the power of DOTS Lead Validation International!

New privacy regulations in Europe have recently become a very hot topic again within the business community. And no, we aren’t talking about the recent GDPR law.

A new privacy initiative, known as the ePrivacy Regulation, deals with electronic communications. Technically a revision to the EU’s existing ePrivacy Directive or “cookie law,” and pending review by the European Union’s member states, it could go into effect as early as this year. And according the New York Times, it is facing strong opposition from many technology giants including Google, Facebook, Microsoft and others.

Data privacy meets the app generation

Among other things, the new ePrivacy Regulation requires explicit permission from consumers for applications to use tracking codes or collect data about their private communications, particularly through messaging services such as Skype, iMessage, games and dating apps.  Companies will have to disclose up front how they plan to use this personal data, and perhaps more importantly, must offer the same access to services whether permission is granted or not.

Ironically this new law will also remove the previous directive’s need for the incessant “cookie notices” consumers now receive, by using browser tracking settings, while tightening the use of private data. This will be a mixed blessing for online services, because a simple default browser setting can now lock out the use of tracking cookies that many consumers routinely approved under the old pop-up notices. As part of its opposition to these new rules, trade groups are painting a picture of slashed revenues, fewer free services and curbs on innovation for trends such as the Internet of Things (IoT).

A longstanding saying about online services is that “when something is free, you are the product,” and this new initiative is one of the more visible efforts for consumers to push back and take control of the use of their information. And Europe isn’t alone in this kind of initiative – for example, the new California Consumer Privacy Act, slated for the late 2018 ballot, will also require companies to provide clear opt-out instructions for consumers who do not wish their data to be shared or sold.

The future: more than just European privacy laws

So what does this mean for you and your business? No one can precisely foretell the future of these regulations and others, but the trend over time is clear: consumer privacy legislation will continue to get tighter and tighter. And the days of unfettered access to the personal data of your customers and prospects are increasingly coming to an end. This means that data quality standards will continue to loom larger than ever for businesses, ranging from stricter process controls to maintaining accurate consumer contact information.

We frankly have always seen this trend as an opportunity. As with GDPR, regulations such as these have sprung from past excesses the lie at the intersection of interruptive marketing, big data and the loss of consumer privacy. Consumers are tired of endless spam and corporations knowing their every move, and legislators are responding. But more important, we believe these moves will ultimately lead businesses to offer more value and authenticity to their customers in return for a marketing relationship.

If you work with data, you have certainly heard by now about GDPR: the new European Union laws surrounding consumer data privacy that went into effect May 25, 2018. But how about PIPEDA, NDB, APPI, CCPA, and SHIELD?

These acronyms represent data privacy regulations in other countries (in these cases for Canada, Australia, Japan, California and New York respectively). Many are new or recently expanded, and all are examples of how your legal responsibilities to customers don’t stop with GDPR. More importantly, they represent an opportunity for you and your business to use data quality and 21st century marketing practices to differentiate yourself from your competition.

Data protection and privacy laws are becoming increasingly popular

Let’s discuss some of these new regulations. According to authentication vendor Auth0, there are a wide range of reasons for their recent proliferation. First, the rollout of GDPR has implications for other countries, including whether their personal data can flow into the EU – meaning that their data quality and protection regulations must align sufficiently with EU rules to be “whitelisted” by them. New laws now being adopted by other countries address issues such as breach notification, the use of genetic and biometric data, and the rights of individuals to stop their data from being sold.

Moreover, data privacy and security doesn’t stop with Europe and GDPR. Other countries are now starting to explore the rights of consumers in this new era of online information gathering and big data. For example, Japan and other countries now have additional regulations surrounding the use of personal information codes to identify data records, and there is increasing scrutiny on personal data that is gathered through means such as social media.

Contact data plays a key role in compliance

Now, let’s talk about your contact data. It often isn’t ready for global data regulations, through actions such as not gathering country information at the point of data entry, or having onerous location data entry requirements (like putting “United States” at the end of a long pull-down menu of countries) that encourage false responses. Worse, existing contact data often has serious information gaps or incorrect information, and it goes bad very quickly: for example, nearly 20% of phone numbers and 35% of email addresses change every year.

Finally, let’s talk about you. In the face of a growing list of data privacy and security regulations, your job isn’t just to become GDPR-compliant. It is to build and maintain a best-practices approach to data quality, which in turn keeps you up to date with both today’s consumer data laws and tomorrow’s.

Data quality best practices are a competitive differentiator

Taking a step back from this flood of new regulations, we would also suggest that an ideal goal isn’t just compliance – it is to leverage today’s data quality environment as a competitive opportunity. Why do these new laws exist? Because of consumer demand. People are tired of interruptive broad-brush marketing, invasive spam, and unwanted telemarketing. When you build your own marketing strategy around better targeting, curated customer relationships, and respect for the consumer, your focus can shift from avoiding penalties to growing your brand and market share faster.

We can help with both of these objectives. For starters, we now offer our Country Detective service, which can process up to 500 contact records and append correct countries to them to help guide your compliance efforts. And for the longer term we offer a free Global Data Assessment, where our team will consult with you at no charge about strategies for data quality in today’s new regulatory and market environment. Interested? Contact us to get the ball rolling, and take the next step in your global market growth.

If you do business in Europe, you are probably quite familiar by now with the acronym GDPR – the European Union’s General Data Protection Regulation. In May 2018, companies that handle personal information from European consumers will be required to follow strict new regulations for privacy, data security, and accuracy of personal data from EU citizens.

Many organizations are focused on avoiding the stiff penalties associated with GDPR violations. I have a different view. To me, the GDPR is an opportunity for business growth and marketing success as a result of the fundamental decisions you make about your data quality.

Let’s start with Article 5 of the GDPR, which will be one of the most critical compliance areas for most organizations. It requires you to make a good faith, best practice effort to correct or expunge errors in your contact database, along with ensuring data security and appropriate usage. You will need to be able to document these efforts to avoid penalties.

This Article responds to a norm among some organizations that a certain amount of bad contact data is an unavoidable cost of doing business – and in fact, according to SiriusDecisions, as many as 25% of marketing contact records currently contain critical errors. So what if Hans in Frankfurt or Liv in Stockholm gets a little extra junk mail because someone else lived at that address years ago?

To me, Article 5 of the GDPR forces you to care about something you should care about anyway – protecting your customers from unwanted marketing contacts. In addition, these unwanted or erroneous contacts are a serious drag on your marketing expenses and a waste of resources for the environment. Now that inexpensive API and list processing tools can validate addresses, lead quality and much more, it has long been past time for most organizations to put data quality on autopilot.

I feel that a similar nexus exists for much of the rest of the GDPR. For example, it has strict opt-in requirements that prevent you from “defaulting” a customer on to your marketing contact list, and you must make it simple for customers to modify their information or even be “forgotten” if they wish. Some may see rules like these as an onerous intrusion on their marketing process. I personally see it as the dawn of a new era in customer relationships, away from interruptive marketing and towards more collaborative – and ultimately more profitable – relationships.

So, go ahead and join the rush to become GDPR compliant by May. But in the process, take advantage of this time to re-think your data quality and marketing strategies for the long term. I think you’ll find that a new and much more effective business strategy lies in your future.

As the May 25, 2018, deadline looms, Service Objects, the leading provider of real-time global contact validation solutions, is offering a GDPR Data Quality Assessment to help companies evaluate their if they are prepared for the new set of privacy rules and regulations.

“Our goal is to help you get a better understanding of the role your client data plays in GDPR compliance,” says Geoff Grow, CEO and Founder, Service Objects. “With our free GDPR Data Quality Assessment, companies will receive an honest, third-party analysis of the accuracy of their contact records and customer database.”

Under the GDPR, personal data includes any information related to a natural person or ‘Data Subject’ that can be used to identify the person directly or indirectly. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Even if an organization is not based in the EU, it may still need to observe the rules and regulations of GDPR. That’s because the GDPR not only applies to businesses located in the EU but to any companies offering goods or services within the European Union. In addition, if a business monitors the behavior of any EU data subjects, including the processing and holding of personal data, the GDPR applies.

Recognizing the vital role contact data quality plays in GDPR compliance, Service Objects decided to offer a free data quality assessment to help those industries affected by the regulation measure the accuracy of their contact records and prepare for the May 2018 deadline.

The evaluation will include an analysis of up to 500 records, testing for accuracy across a set of inputs including name, phone, address, email, IP, and country. After the assessment is complete, a composite score will be provided, giving businesses an understanding of the how close they are to being compliant with GDPR’s Article 5.

Article 5 of the GDPR requires organizations collecting and processing personal information of individuals within the European Union (EU) to ensuring all current and future customer information is accurate and up-to-date. Not adhering to the rules and regulations of the GDPR can result in a fine of up to 4% of annual global turnover or €20 Million (whichever is greater).

“To avoid the significant fines and penalties associated with the GDPR, businesses are required to make every effort to keep their contact data is accurate and up-to-date,” Grow added. “Service Objects’ data quality solutions enable global businesses to fulfill the regulatory requirements of Article 5 and establish a basis for data quality best practices as part of a broader operational strategy.”

For more information on how to get started with your free GDPR Data Quality Assessment, please visit our website today.

With 2.1 billion active users, Facebook presents an exceptional opportunity for targeted marketing and businesses interested in harnessing the power of consumer data. In fact, there are now entire industries devoted to collecting and selling personally identifiable information. Unfortunately, the swift expansion of social media, with its tantalizing trove of consumer information, has left lawmakers playing catch up. However, that’s about to change, thanks, in part, to the scandal surrounding Facebook and Cambridge Analytica and its intersection with the General Data Protection Regulation (GDPR), an EU law governing data protection and privacy for all individuals within the European Union.

The GDPR effect

Though the GDPR will not take effect until May 25, 2018, if the breach of 50 million user account had happened while the law was in place, it would have resulted in a costly error for Facebook. As Austrian privacy campaigner and Facebook critic Max Schrems was quick to point out, had the unauthorized the sharing of profile data to Cambridge Analytica occurred while the GDPR was in effect, it “would have cost Facebook 4 percent of their global revenue”, somewhere in the ballpark of $1.6bn (€1.3bn).

But even before the Cambridge-Analytica story grabbed headlines, GDPR implementation was set to trigger significant changes to Facebook’s business operations. According to Reuters, Facebook faces a double-edged challenge: comply with the new GDPR rules and allow European users to opt out of targeted advertising, or violate the GDPR and face fines of up to 4% of the company’s annual revenue.  Considering 24% of Facebook’s ad revenue comes from EU users, either course of action represents a significant hit to profits for the company. And with global adoption of GDPR-type privacy protocols beginning to take hole around the world, Facebook and its social media cohorts will need to adapt to the changing consumer data landscape. 

A global movement

Though the EU primarily applies directly to data from EU citizens, it also controls the flow of personal data from within the EU to countries outside its borders. With US and UK legislation probable, this new era of data security means enormous changes in the way companies do business. As a result, international adoption of the GDPR’s privacy protocols is already taking hold around the world as counties begin to change their own data privacy rules. 

How businesses can prepare

So how can business owners make sure they do not follow in Facebook’s footsteps? Companies entrusted with customer data must first acknowledge their responsibility in keeping that information secure. It is not enough to create a security protocol; organizations must also enforce and audit those policies. Robust and comprehensive quality analysis is also crucial, especially in light of the GDPR Article 5 mandate requiring the personal information of individuals within the European Union (EU) be current and accurate. Finally, the use of contact data, especially when it comes to combining information from different sources, should also be monitored. It is not enough to know your information is accurate; you must also make sure you are using it in the manner it was intended to be used, both legally and ethically.

The benefits of data quality best practices

Though many businesses are still unprepared for the GDPR’s May 2018 deadline, it seems clear this latest scandal involving Facebook and Cambridge Analytica will spur many businesses into action.

The good news is implementing data quality best practices to comply with Article 5 makes good business sense. It will save organizations considerable money in the form of streamlined marketing and sales campaigns, improve overall customer service and reduce the waste associated with bad contact data.

Service Objects can help you get a better understanding of the role your customer data plays in becoming GDPR compliant. Send us up to 500 records (it is a 100% secure process) and we will provide you with an overall score of the quality of each record based on fields such as name, phone, address, email, IP, and country. Get started today.