Worried about being compliant? Questions to ask your data supplier

Data compliance is a hot topic at the moment. With the new General Data Protection Regulation (GDPR) that came into force in May, organisations are becoming increasingly aware they need to be able to demonstrate that their data processing is in accordance with regulation.

If you purchase marketing lists from a third party you will need to be able to prove this is processed in accordance with all current regulation, including GDPR and the Privacy and Electronic Communications Regulation (PECR), or you may be liable for an infringement fine. With this in mind, we thought it would be beneficial to provide a list of questions you should ask your supplier before purchasing data:

Where do they obtain the data from?

Reliable data suppliers will obtain their data from reputable sources that have stringent due diligence practices for the data they hold. Data HQ follow a complete transparency policy and have always been very clear about the data partners they work with.

How long have they been providing data lists?

Experience is an important factor. Look at the track record of the business on the Companies House database – it’s free to use. Here you can see when a company started, what the net value is and the scale of business.

How accurate is the data?

Data lists and consents should be refreshed regularly. GDPR requires that data processed under the scope of the Regulation be accurate.

How do they measure compliance with GDPR?

What policies and procedures do you have in place to demonstrate that you are compliant with the GDPR. How do they meet the rights of data subjects? Answers to these questions will give an indication over the diligence that supplier pays to ensuring that its lists are obtained and licensed lawfully and with transparency.

What is the supplier’s lawful basis for processing the data? If they are relying on legitimate interests, how have they assessed this to be the most suitable basis, and have they documented their assessment?

Do they have good corporate governance?

Perform your own checks on the company for corporate governance. Look at it’s turnover and view any accounts that are available. Consider the length of time it has been incorporated versus the length of time it has been supplying data – is this an area they really are experienced in? Consider avoiding suppliers that are unincorporated businesses.

Are they registered with the Information Commissioner’s Office (ICO)? They should have a registration number and be happy to share this. The ICO provides a register of data controllers – review what is recorded on that register against what the company says of its own processing.

Do their marketing lists contain individual subscribers?

There are specific rules under the Privacy and Electronic Communications (EC Directive) Regulations 2003 which govern unsolicited email marketing to individual subscribers, which include sole traders, partners and other unincorporated bodies without express consent. Any sole traders or other unincorporated business contacts on B2B lists must have consented to receive email marketing from the sender of those emails. This will be problematic because with marketing lists, in most cases, the individual could not have known which businesses would be marketing to them, at the time they gave their consent.

At Data HQ we only supply B2B data and have screened out sole traders and partnerships when supplying email data.

Do they have a good reputation?

Sometimes, word-of-mouth is a useful measure of the reliability of a business. Ask others for an honest evaluation of the supplier’s services. See if the supplier provides customer reviews or recommendations.

Here at Data HQ we pride ourselves on providing the highest quality B2B data with the majority of our work being repeat business. If you have any data compliance questions or B2B data requirements please do get in contact – we’ll be happy to help.

Further reading: Data HQ's complete guide to the GDPR