How Fresh is your Data?

and

The GDPR: Key Facts

 How Fresh is your Data?
Consider that 2.96 million people move every year. Why do they move?
Some for job changes, some due to marriages, divorces, and others to be near
aging parents.
Whatever the reason, moving is just one of many causes for an annual overall
contact data decay rate of 20 to 30%.
Even though some one’s physical parameters were constant, the change still could
include last name, changes in email addresses and internet providers, changes in
cable service providers and multiple life stage changes from newlywed, new home-
owner, parent and pet owner to a distant view of an empty nest now in sight.
A brand that did not keep up would not have a snowball’s chance of speaking to me
in a meaningful way.
What does Bad Data Look like?
 4C’s of Data Quality
So how does a brand proactively maintain quality data? By starting with the
four C’s of data quality – Correct, Current, Complete and Ethically Collected.

1) Is Your Data Correct?

• Normalizing your data means making sure that all of the data elements of the same
type (all of your phone numbers, all of your home and email addresses, etc.) look like
one another and follow the same format. Phone numbers, for example, serve as a great
model.
• For example, all phone numbers in the United States contain 10 digits. The first step is
to check that each one has the proper number of digits. Then, we would also want to
ensure the phone numbers were all presented the same way such as 123.456.2890.
• Next, we want to check the data on a fundamental level to see if it really is correct. To
continue with the phone number example, you must check to see if the phone number
is actually in use and if the number you have for Mary Smith really belongs to Mary
Smith.
 4C’s of Data Quality
2) Is Your Data Complete?
• Once your data has been normalized and you are confident it is accurate, you can
now examine your data to ensure it is also complete.
• For example, if we notice the data element has 9 digits instead of 10, we can look
further to identify if it is simply missing a number or if, perhaps, the wrong
information was stored as a phone number when it is really an address or a
customer identification number.
• The next check is if the information falls within an accepted range. For example, a
phone number can be checked against known rules to see if the area code is
valid. Or a ZIP Code can be checked to make sure it has the right number of digits
and that it matches the listed city or town.
3) Is Your Data Current?
• Your data is now correct and complete, but is it current? Does Jennifer Jones still
live at the address you have or has she moved? Is her last name still Jones? Is her
phone number still correct?
 4C’s of Data Quality
• Recognizing a consumer’s current information helps businesses avoid
embarrassing and costly mistakes – like sending one household four copies of the
same catalog—to you, to your spouse, to your mother-in-law and to your teenager
• The identity resolution process helps create stronger customer portraits by
merging multiple customer records to create a comprehensive picture of each
customer (see www.acxiom.com).
4) Is Your Data Collected Ethically?
• When it comes to practices regarding your data, you should go above and beyond
what is required by law. It’s key to building a trust-based relationship with
customers to include policies and procedures that ensure data uses are fair and
just to consumers.
Some rules of thumb include:
• Data should be used to benefit both parties in a transaction.
 4C’s of Data Quality
• Every data supplier and data source should be vetted to help keep data quality
high and checked on a yearly basis.
• By building repeatable front-end processes to ensure the ethical collection and
use of data, you create a win-win situation for your business and consumers.

To combat data decay, start cleaning existing data – today. Clean data early in the
process as it comes in.

Correct records before they get in your customer database. Once the data becomes
“official,” it becomes exponentially more expensive to get rid of it.

Finally, because data quality decays so quickly, data must be processed regularly to
minimize data quality issues. Determine the frequency and the process required to
keep your data correct, current and complete.
 The GDPR: Key Facts
The scope of the European Union General Data Protection Regulation (GDPR) is
broad, covering personal information that can be linked to an identifiable individual
(such as national identification number, employee authentication, payment-
transaction history, and date of birth) in any format (structured or unstructured)
and in any medium (online, offline, or backup storage).
The regulation is designed to protect the privacy of EU residents by introducing
stringent consent requirements, data-subject rights, and obligations on
organizations that gather, control, and process data.
Its core requirements cover the following:
• Record of activities. Organizations should maintain a record of data-processing
activities and be ready to present it to the regulator at any time.
• Legal basis for data. All data processing should have a legal basis, such as the
consent of the data subject or the need to fulfill a regulatory or legitimate
business purpose.
 The GDPR: Key Facts
• Rights of data subjects. Data subjects are imbued with rights that organizations
must honor such as the right to be forgotten (or, to data erasure), the right to
data portability, the right to object, the right to revoke consent, and the right to
restrict processing.
• Security. Organizations should protect data through a set of controls, such as
encryption or “pseudonymization,” and have effective operational procedures
and policies for handling data safely.
• Third-party management. Vendors and suppliers, including outsourcing partners,
should be required to protect personal data and should be monitored.
• Privacy by design. Data protection should be included in the business-as-usual
processes such as with any organization planning a new technology, product, or
service from the beginning of the development process.
• Breach notification. Data breaches likely to result in high risk to individuals’ rights
and freedoms should be reported to the authorities within 72 hours and
subsequently to the data subjects as well in certain cases.
 The GDPR: Key Facts
The new regulation is enforced via national supervisory authorities within the
European Union that are granted wide-ranging enforcement powers and sanctions,
such as the power to ban data processing.
The fines for failure to comply are high, as much as 4% of annual worldwide
revenues. The GDPR also allows individuals to seek civil actions (including class-
action lawsuits) against organizations that violate their data-protection rights.
While GDPR is the most expansive regulation of its kind to date, there has also
been movement in other geographies to increase protections around personal
data.
In the United States, for example, the state of California recently passed the
California Consumer Privacy Act of 2018, which holds organizations to similar
standards and imbues data subjects with similar rights.