You wouldn’t buy a car without asking a few questions first. What’s the mileage like? When did it last pass inspection? Treat buying data with the same care and concern.
In 2022, data is king. Good luck selling anything without it. However, not everyone can be a data expert, so we made this list of questions to ask potential data vendors so you can be confident the data you’re paying for is squeaky clean.
Why do you need to ask your data vendor these questions? Because in a world where data regulations are always changing, it’s important to be sure the data you’re using won’t get you in trouble or alienate your customers.
“When target audiences lose faith in our ability to safeguard their interest, they’re far less likely to interact with our marketing engagement efforts, much less do business with our companies.”
These questions are in reference to The General Data Protection Regulation (GDPR) released by the European Union. That being said, if you aren’t impacted by GDPR, if you’re dealing with data, regulations exist or are moving in quickly. With more and more countries, states, and regions enacting their own data regulations similar to our friends across the pond, it’s important to be forward-thinking when it comes to data quality. Don’t wait until it’s too late to get the best data available. Good data hygiene is always a solid investment.
1. Are they collecting and sharing personal data with you?
Personal data is anything that is traceable back to an individual. So things like first and last names, email addresses, phone numbers, LinkedIn profiles, social IDs and more all count as personal data.
2. Where is the personal data collected from?
For example, LeadSift scrapes the public web. Personal data from the public web would include first and last names, which most people choose to provide on their social media profiles. Intent vendors, LeadSift included, may have relationships with publishers and content providers where members can opt-in to have their personal data processed.
Data compliance is a spectrum, and there are a lot of grey areas.
“Some data providers will get your names and email addresses among intent-identified accounts using their own contact databases. This, however, is a gray area of compliance (and I’m being lenient here), because you don’t know if or how exactly these contacts opted into providing their information.” – David Crane
3. What is the lawful basis for collecting and processing the data?
In total there are six lawful bases for collecting and processing personal data in the EU. However, for marketers and sales reps, the two you need to focus on are consent and legitimate interest.
4. Do they have explicit consent and how do they get it?
GDPR outlines explicit consent as “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
The individual has to be made aware of how their information will be used and given a clear opportunity to approve or disapprove of the processing. The data subject can’t be cornered or required to opt-in their data as a condition of using the service. “Silence, pre-ticked/checked boxes, or inactivity does not, therefore, constitute consent. That said, if you or any vendors you work with ensures that all contact-level data was acquired through such compliant means (typically by a clear opt-in or double opt-in process), you should be able to contact them via the normal marketing channels, as long as such uses were clearly stated when the individual opted in”, Says Crane.
There are a few exceptions when it comes to data that is necessary for the provision of service. For example, credit card information and shipping addresses can be required for processing payments and product deliveries (GDPR.EU)
If a vendor doesn’t have explicit consent, then they are likely using legitimate interest as the lawful basis to collect the data, which is why the next question is incredibly important to ask.
5. Can you see a copy of a legitimate interest assessment?
When you receive a copy of a legitimate interest assessment (LIA) from a vendor, that’s a good sign. They are aligning themselves with data accountability and data hygiene. Two fantastic traits to look for in a vendor. As a result, you can be confident you’re putting your budget in the right place.
So what does a proper LIA look like?
A good LIA will be specific and clear. The length of the assessment will be determined by specific circumstances surrounding the data collection practices and therefore will vary from vendor to vendor. The EU does not lay out specifics on how a legitimate interest assessment should be carried out. The UK’s data authority, the information commissioner’s office (ICO), suggests a three-part test that can help data processors determine their legitimate interest:
- Purpose test (is there legitimate interest behind the processing?)
- Necessity test (is the processing necessary?)
- Balancing test (does the individual’s interests and rights and freedoms override your legitimate interests.)
Want to see how LeadSift stays compliant with GDPR? Meet with us and ask all these questions, and more! Go ahead and grill us, we can take it.