Blogs & ideas

Data HQ marketing lists: How compliant is our data?

Padlock Teaser

By Tim Holt 2 min read

Yellow lightbulb icon
#DataHQIDEAS

At Data HQ, we really care about the quality and legitimacy of the data lists we provide to our customers, which is evident in the volume of repeat business we receive.

In this blog, we explain how our data is compliant and provide a useful summary that can be used as a sense check when buying data lists.

How is our data compliant?

Firstly, we only license data from sources we trust. Secondly, we can measure the quality of the data by its depth and its accuracy. Thirdly, we obtain warranties as to the data we license. Finally, our Head of Legal & Compliance will review the lawful basis for processing of data.

Our data lists are B2B only – we do not provide consumer data. We conduct rigorous screening of our lists for inconsistencies or inaccuracies. Part of our screening also flags whether there are any sole traders or non- corporate contacts within the list.

Consent (or ‘opt-in’) may or may not have been obtained for each contact on these lists, however consent is not legally required for B2B contacts of incorporated organisations (direct marketing by email, mail or telephone (live calls)).

Additionally, for GDPR compliance, data lists must be processed lawfully.

The lawful basis for processing these contacts is that we have a ‘legitimate interest’ to process them for the exclusive purpose of direct marketing.

We reach the conclusion that the processing is lawful using this legal basis, by conducting a legitimate interest assessment.

B2B List Sales – Our legal compliance summary

To help our clients understand our internal compliance processes and provide the reassurances needed when it comes to purchasing B2B data we provide the following summary:

1. Our data lists contain B2B contacts, where no ‘opt-out’ has been made

2. We regularly screen our B2B lists for contacts who are sole traders and those in partnerships

3. Consent (or ‘opt-in’) may or may not have been obtained for each contact on these lists, however consent is not legally required for B2B contacts of incorporated organisations (direct marketing by email, mail or telephone (live calls))

4. To comply with GDPR, the B2B contacts list must be processed lawfully by us, and by the buyer of the list

5. The lawful basis for processing these contacts is that we have a ‘legitimate interest’ to process them for the exclusive purpose of direct marketing

6. We assess this to be an appropriate lawful basis, because:

- The data subjects are business contacts (names, telephone numbers and email addresses)

- The processing is of business contact details, and there is a demonstrable low impact on the privacy of the individual

- Email direct marketing is a reasonable and proportionate method of processing to achieve commercial objectives

- The data subjects in question might reasonably expect to receive business marketing to their corporate email addresses; as such, the processing is transparent and fair

7. The data subjects may easily indicate that the data processing is against their wishes, by unsubscribing from marketing emails

8. We conclude that the rights and freedoms of the data subjects in question are not disproportionately or negatively infringed upon through this course of processing

9. Where a B2B contact objects to this processing, we will stop processing for this purpose (GDPR compliance and PECR compliance i.e. ‘opting out’)

Further reading: Data HQ's complete guide to the GDPR

Share this blog

Our stories and ideas direct to your inbox