By Geoff Grow
If you are responsible for your organization’s marketing or customer contact data – and you do business with clients in Europe – than you are no doubt familiar by now with the European Union’s General Protection Data Regulation, or GDPR. It takes effect in May 2018, with the force of law and potentially stiff financial penalties behind it.
GDPR is more than a set of rules to follow: it is an all-encompassing approach to consumer privacy and data security that will become a benchmark for how we treat personal data in the future. Here, I would like to look at Article 5 of GDPR – the part that addresses how you handle your contact data – and discuss how you can use a data quality approach that involves both tools and processes as part of your compliance efforts.
About Article 5
The key requirements of GDPR’s Article 5 involve appropriate usage, accuracy and data security. Specifically, it mandates that “every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.” Furthermore, you must be able to document having followed reasonable best practices for data quality, with Article 5 noting that “The controller shall be responsible for and be able to demonstrate compliance.”
Automated validation of your contact data is a must for Article 5 compliance, both to flag contacts that are within the European Union and fall under GDPR requirements, and to ensure the accuracy of the data. Tools you can use here include address validation, which compares your contact data against international postal and contact databases, as well as lead validation, which compares multiple criteria to yield a composite lead quality score to evaluate accuracy. Email validation tools can check for legitimate addresses as well as common misspellings (such as “gmial.com” versus “gmail.com”), while IP validation can help geolocate inbound contacts to flag possible fraud as well as EU origin. Tools such as these can either be implemented via API programming within your marketing platform or batch processing of your contact data.
Under GDPR, it will be important to do validation at both the time of data entry and at time of use. The latter is particularly critical, as up to 70% of your contact data may become incorrect over the course of a year as people change jobs, addresses and make other moves. Another important process involves your procedures for correcting or expunging incorrect contacts. In addition, documenting your use of data quality tools as well as your processes for using them can protect you in the event of potential violations.
The bigger picture
Of course, there is more to GDPR than contact data and Article 5. Some of its broader aspects include getting and documenting explicit permission to opt-in to marketing communications, and giving consumers clear and straightforward options for managing these permissions. It even gives people the right to be “forgotten” by having their personal data removed from your databases. All of these are part of a sea change in how we approach marketing to prospects and customers in the 21st century. But the road to GDPR compliance – and ultimately, your business success – starts and ends with building a data quality infrastructure around your contact data assets.
Geoff Grow is the founder and CEO of Service Objects. His interests combine mathematics, computing and the environment, in a data quality firm with its roots in reducing the waste stream from unwanted and misdirected marketing materials. An avid outdoorsman, Geoff can often be found on his bicycle or playing beach volleyball.