Using data cleansing and analysis to comply with GDPR
The EU General Data Protection Regulation (GDPR) has been one of the most significant pieces of legislation to face businesses in the last two decades.
The new regulation puts a tighter focus on personal data privacy, processing and security, while placing punitive fines on businesses which fail to comply (up to 4% of annual global turnover or €20 million, whichever is highest, for the most severe breaches).
For data suppliers responsible for providing accurate and compliant data to businesses, GDPR presents a significant challenge.
Cleansing databases of potentially illegal data has become a must, both to ensure clients do not fall foul of GDPR regulations as well as avoiding severely damaging your own business in the process.
GDPR and email marketing with licensed (bought-in) data
Email marketing is already subject to data compliance law in the shape of the Privacy and Electronics Communications Regulations (PECR) - soon to be replaced by the ePrivacy Regulation, which remains in the pipeline despite some delays.
Under GDPR, a work email address is still classed as personal data - regardless of whether it is a corporate address, or that of an employee of a partnership or a sole trader.
PECR deals with gaining permission to send marketing by email. The general rule is that you must gain 'prior consent' before sending marketing emails, but exemptions exist within a B2B environment (ie. corporates) which allow emails to be sent to employees without this consent.
Sole traders and partnerships, however, are classed in the same realm as consumers, so require prior consent.
It is essential that any data being provided to clients complies with this very specific requirement i.e. that it is solely for B2B marketing.
Email marketing and "legitimate interest"
This ability to continue emailing corporates falls under the confines of "legitimate interest" and will allow you or your clients to email without consent as long as:
- Companies fit the criteria of a limited company, public limited company, limited liability partnership or government department
- Any corporate employees are still able to easily opt-out of further communication
- Products or services being marketed can only be bought for professional purposes
- The sender is easily identifiable and provides contact details
At Marketscan we have created one of the largest, legally compliant email feeds in the UK, ensuring both you and your clients meet the GDPR requirement.
Using the Marketscan Megabase we can quickly compare your data with our file to ensure information is legally compliant, as demonstrated by the chart below:
This shows the breakdown of data matched against a company record with a registration number (green) which can be marketed to under legitimate interest.
Megabase also shows those companies which match a corporate record, but may not have a registration number, so need further clarification on whether they can be marketed to.
Additionally, it identifies companies that have not matched our database and are recommended for manual verification before contacting.
Data cleansing and telephone communications
While much of today's marketing communication is done online or via a digital channel, it can be easy for a client to overlook existing sources of telephone contact details that should no longer be stored or accessed.
Part of your data cleansing should ensure that clients' prospects are not registered with The Telephone Preference Service (TPS) and the Corporate Telephone Preference Service (CTPS). Individuals on these registers have "opted-out" of receiving unsolicited sales calls and should be flagged so they are not called.
Considering that the Information Commissioner's Office can now impose significant fines for making unsolicited marketing calls, your data cleansing routines should ensure clients remain compliant.
The below graph demonstrates how we can help identify those contact details which are - or are not - registered with either the TPS or CTPS and ensure your client's data meets current legislation:
Cleansing data lists of irrelevant and illegal data is now more important than ever. We fully expect to see more businesses recognising this requirement in the coming months, especially as firms become familiar with the GDPR and other regulations, and as the penalties for non-compliance become clearer.
Ensuring that data lists are up to date is not just essential for data protection compliance; it also helps to reduce the costs of marketing campaigns and provides the opportunity for higher response rates and success than those businesses relying on older data sets.
An opportunity in new data rules
While much of GDPR and other data regulations present a challenge for businesses when it comes to their contact databases, it also creates opportunities to interact with a more focused and engaged one.
By helping your clients analyse and cleanse their database of illegal and non-compliant contact information, you not only give them the best chances of success in their own campaign, but increase your own ROI and reputation as a supplier of targeted, actionable and compliant data.
To find out how Marketscan can help you help your clients with their data cleansing and analysis requirements, click here.