Posts Tagged ‘GDPR’

data privacy laws

A New Data Privacy Challenge for Europe – and Beyond

New privacy regulations in Europe have recently become a very hot topic again within the business community. And no, we aren’t talking about the recent GDPR law.

A new privacy initiative, known as the ePrivacy Regulation, deals with electronic communications. Technically a revision to the EU’s existing ePrivacy Directive or “cookie law,” and pending review by the European Union’s member states, it could go into effect as early as this year. And according the New York Times, it is facing strong opposition from many technology giants including Google, Facebook, Microsoft and others.

Data privacy meets the app generation

Among other things, the new ePrivacy Regulation requires explicit permission from consumers for applications to use tracking codes or collect data about their private communications, particularly through messaging services such as Skype, iMessage, games and dating apps.  Companies will have to disclose up front how they plan to use this personal data, and perhaps more importantly, must offer the same access to services whether permission is granted or not.

Ironically this new law will also remove the previous directive’s need for the incessant “cookie notices” consumers now receive, by using browser tracking settings, while tightening the use of private data. This will be a mixed blessing for online services, because a simple default browser setting can now lock out the use of tracking cookies that many consumers routinely approved under the old pop-up notices. As part of its opposition to these new rules, trade groups are painting a picture of slashed revenues, fewer free services and curbs on innovation for trends such as the Internet of Things (IoT).

A longstanding saying about online services is that “when something is free, you are the product,” and this new initiative is one of the more visible efforts for consumers to push back and take control of the use of their information. And Europe isn’t alone in this kind of initiative – for example, the new California Consumer Privacy Act, slated for the late 2018 ballot, will also require companies to provide clear opt-out instructions for consumers who do not wish their data to be shared or sold.

The future: more than just European privacy laws

So what does this mean for you and your business? No one can precisely foretell the future of these regulations and others, but the trend over time is clear: consumer privacy legislation will continue to get tighter and tighter. And the days of unfettered access to the personal data of your customers and prospects are increasingly coming to an end. This means that data quality standards will continue to loom larger than ever for businesses, ranging from stricter process controls to maintaining accurate consumer contact information.

We frankly have always seen this trend as an opportunity. As with GDPR, regulations such as these have sprung from past excesses the lie at the intersection of interruptive marketing, big data and the loss of consumer privacy. Consumers are tired of endless spam and corporations knowing their every move, and legislators are responding. But more important, we believe these moves will ultimately lead businesses to offer more value and authenticity to their customers in return for a marketing relationship.

Around the World with Data Privacy Laws

If you work with data, you have certainly heard by now about GDPR: the new European Union laws surrounding consumer data privacy that went into effect May 25, 2018. But how about PIPEDA, NDB, APPI, CCPA, and SHIELD?

These acronyms represent data privacy regulations in other countries (in these cases for Canada, Australia, Japan, California and New York respectively). Many are new or recently expanded, and all are examples of how your legal responsibilities to customers don’t stop with GDPR. More importantly, they represent an opportunity for you and your business to use data quality and 21st century marketing practices to differentiate yourself from your competition.

Data Protection and Privacy Laws Are Becoming Increasingly Popular

Let’s discuss some of these new regulations. According to authentication vendor Auth0, there are a wide range of reasons for their recent proliferation. First, the rollout of GDPR has implications for other countries, including whether their personal data can flow into the EU – meaning that their data quality and protection regulations must align sufficiently with EU rules to be “whitelisted” by them. New laws now being adopted by other countries address issues such as breach notification, the use of genetic and biometric data, and the rights of individuals to stop their data from being sold.

Moreover, data privacy and security doesn’t stop with Europe and GDPR. Other countries are now starting to explore the rights of consumers in this new era of online information gathering and big data. For example, Japan and other countries now have additional regulations surrounding the use of personal information codes to identify data records, and there is increasing scrutiny on personal data that is gathered through means such as social media.

Contact Data Plays a Key Role in Compliance

Now, let’s talk about your contact data. It often isn’t ready for global data regulations, through actions such as not gathering country information at the point of data entry, or having onerous location data entry requirements (like putting “United States” at the end of a long pull-down menu of countries) that encourage false responses. Worse, existing contact data often has serious information gaps or incorrect information, and it goes bad very quickly: for example, nearly 20% of phone numbers and 35% of email addresses change every year.

Finally, let’s talk about you. In the face of a growing list of data privacy and security regulations, your job isn’t just to become GDPR-compliant. It is to build and maintain a best-practices approach to data quality, which in turn keeps you up to date with both today’s consumer data laws and tomorrow’s.

Data Quality Best Practices Are a Competitive Differentiator

Taking a step back from this flood of new regulations, we would also suggest that an ideal goal isn’t just compliance – it is to leverage today’s data quality environment as a competitive opportunity. Why do these new laws exist? Because of consumer demand. People are tired of interruptive broad-brush marketing, invasive spam, and unwanted telemarketing. When you build your own marketing strategy around better targeting, curated customer relationships, and respect for the consumer, your focus can shift from avoiding penalties to growing your brand and market share faster.

We can help with both of these objectives. For starters, we now offer our Country Detective service, which can process up to 500 contact records and append correct countries to them to help guide your compliance efforts. And for the longer term we offer a free Global Data Assessment, where our team will consult with you at no charge about strategies for data quality in today’s new regulatory and market environment. Interested? Contact us to get the ball rolling, and take the next step in your global market growth.

The GDPR is the dawn of a new era in customer relationships, providing new opportunities for business growth and marketing success as companies move away from interruptive marketing towards collaborative – and ultimately more profitable – relationships.

What Role Does Contact Data Quality Play in GDPR Compliance?

If you do business in Europe, you are probably quite familiar by now with the acronym GDPR – the European Union’s General Data Protection Regulation. In May 2018, companies that handle personal information from European consumers will be required to follow strict new regulations for privacy, data security, and accuracy of personal data from EU citizens.

Many organizations are focused on avoiding the stiff penalties associated with GDPR violations. I have a different view. To me, the GDPR is an opportunity for business growth and marketing success as a result of the fundamental decisions you make about your data quality.

Let’s start with Article 5 of the GDPR, which will be one of the most critical compliance areas for most organizations. It requires you to make a good faith, best practice effort to correct or expunge errors in your contact database, along with ensuring data security and appropriate usage. You will need to be able to document these efforts to avoid penalties.

This Article responds to a norm among some organizations that a certain amount of bad contact data is an unavoidable cost of doing business – and in fact, according to SiriusDecisions, as many as 25% of marketing contact records currently contain critical errors. So what if Hans in Frankfurt or Liv in Stockholm gets a little extra junk mail because someone else lived at that address years ago?

To me, Article 5 of the GDPR forces you to care about something you should care about anyway – protecting your customers from unwanted marketing contacts. In addition, these unwanted or erroneous contacts are a serious drag on your marketing expenses and a waste of resources for the environment. Now that inexpensive API and list processing tools can validate addresses, lead quality and much more, it has long been past time for most organizations to put data quality on autopilot.

I feel that a similar nexus exists for much of the rest of the GDPR. For example, it has strict opt-in requirements that prevent you from “defaulting” a customer on to your marketing contact list, and you must make it simple for customers to modify their information or even be “forgotten” if they wish. Some may see rules like these as an onerous intrusion on their marketing process. I personally see it as the dawn of a new era in customer relationships, away from interruptive marketing and towards more collaborative – and ultimately more profitable – relationships.

So, go ahead and join the rush to become GDPR compliant by May. But in the process, take advantage of this time to re-think your data quality and marketing strategies for the long term. I think you’ll find that a new and much more effective business strategy lies in your future.

Recognizing the vital role contact data quality plays in GDPR compliance, Service Objects is offering affected businesses a free data quality assessment.

Free Data Quality Assessment Helps Businesses Gauge GDPR Compliance Ahead of May Deadline

As the May 25, 2018, deadline looms, Service Objects, the leading provider of real-time global contact validation solutions, is offering a GDPR Data Quality Assessment to help companies evaluate their if they are prepared for the new set of privacy rules and regulations.

“Our goal is to help you get a better understanding of the role your client data plays in GDPR compliance,” says Geoff Grow, CEO and Founder, Service Objects. “With our free GDPR Data Quality Assessment, companies will receive an honest, third-party analysis of the accuracy of their contact records and customer database.”

Under the GDPR, personal data includes any information related to a natural person or ‘Data Subject’ that can be used to identify the person directly or indirectly. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Even if an organization is not based in the EU, it may still need to observe the rules and regulations of GDPR. That’s because the GDPR not only applies to businesses located in the EU but to any companies offering goods or services within the European Union. In addition, if a business monitors the behavior of any EU data subjects, including the processing and holding of personal data, the GDPR applies.

Recognizing the vital role contact data quality plays in GDPR compliance, Service Objects decided to offer a free data quality assessment to help those industries affected by the regulation measure the accuracy of their contact records and prepare for the May 2018 deadline.

The evaluation will include an analysis of up to 500 records, testing for accuracy across a set of inputs including name, phone, address, email, IP, and country. After the assessment is complete, a composite score will be provided, giving businesses an understanding of the how close they are to being compliant with GDPR’s Article 5.

Article 5 of the GDPR requires organizations collecting and processing personal information of individuals within the European Union (EU) to ensuring all current and future customer information is accurate and up-to-date. Not adhering to the rules and regulations of the GDPR can result in a fine of up to 4% of annual global turnover or €20 Million (whichever is greater).

“To avoid the significant fines and penalties associated with the GDPR, businesses are required to make every effort to keep their contact data is accurate and up-to-date,” Grow added. “Service Objects’ data quality solutions enable global businesses to fulfill the regulatory requirements of Article 5 and establish a basis for data quality best practices as part of a broader operational strategy.”

 

For more information on how to get started with your free GDPR Data Quality Assessment, please visit our website today.

As the GDPR ushers in a new generation of consumer data privacy controls, the Facebook and Cambridge Analytica scandal proves businesses need to prepare.

Facebook, Data Quality, and the GDPR

With 2.1 billion active users, Facebook presents an exceptional opportunity for targeted marketing and businesses interested in harnessing the power of consumer data. In fact, there are now entire industries devoted to collecting and selling personally identifiable information. Unfortunately, the swift expansion of social media, with its tantalizing trove of consumer information, has left lawmakers playing catch up. However, that’s about to change, thanks, in part, to the scandal surrounding Facebook and Cambridge Analytica and its intersection with the General Data Protection Regulation (GDPR), an EU law governing data protection and privacy for all individuals within the European Union.

The GDPR Effect 

Though the GDPR will not take effect until May 25, 2018, if the breach of 50 million user account had happened while the law was in place, it would have resulted in a costly error for Facebook. As Austrian privacy campaigner and Facebook critic Max Schrems was quick to point out, had the unauthorized the sharing of profile data to Cambridge Analytica occurred while the GDPR was in effect, it “would have cost Facebook 4 percent of their global revenue”, somewhere in the ballpark of $1.6bn (€1.3bn).

But even before the Cambridge-Analytica story grabbed headlines, GDPR implementation was set to trigger significant changes to Facebook’s business operations. According to Reuters, Facebook faces a double-edged challenge: comply with the new GDPR rules and allow European users to opt out of targeted advertising, or violate the GDPR and face fines of up to 4% of the company’s annual revenue.  Considering 24% of Facebook’s ad revenue comes from EU users, either course of action represents a significant hit to profits for the company. And with global adoption of GDPR-type privacy protocols beginning to take hole around the world, Facebook and its social media cohorts will need to adapt to the changing consumer data landscape. 

A Global Movement

Though the EU primarily applies directly to data from EU citizens, it also controls the flow of personal data from within the EU to countries outside its borders. With US and UK legislation probable, this new era of data security means enormous changes in the way companies do business. As a result, international adoption of the GDPR’s privacy protocols is already taking hold around the world as counties begin to change their own data privacy rules. 

How Businesses Can Prepare

So how can business owners make sure they do not follow in Facebook’s footsteps? Companies entrusted with customer data must first acknowledge their responsibility in keeping that information secure. It is not enough to create a security protocol; organizations must also enforce and audit those policies. Robust and comprehensive quality analysis is also crucial, especially in light of the GDPR Article 5 mandate requiring the personal information of individuals within the European Union (EU) be current and accurate. Finally, the use of contact data, especially when it comes to combining information from different sources, should also be monitored. It is not enough to know your information is accurate; you must also make sure you are using it in the manner it was intended to be used, both legally and ethically.

The Benefits of Data Quality Best Practices

Though many businesses are still unprepared for the GDPR’s May 2018 deadline, it seems clear this latest scandal involving Facebook and Cambridge Analytica will spur many businesses into action.

The good news is implementing data quality best practices to comply with Article 5 makes good business sense. It will save organizations considerable money in the form of streamlined marketing and sales campaigns, improve overall customer service and reduce the waste associated with bad contact data.

Service Objects can help you get a better understanding of the role your customer data plays in becoming GDPR compliant. Send us up to 500 records (it is a 100% secure process) and we will provide you with an overall score of the quality of each record based on fields such as name, phone, address, email, IP, and country. Get started today.