By now you will have realised that data compliance is at the heart of everything we do at DBS Data.
We guarantee that any data you buy from us is GDPR, PECR & DPA compliant and within The DMA (Direct Marketing Association) and ICO (Information Commisioners Office) guidelines.
We are recognised by The DMA as being fully compliant with The DMA’s Data Compliance Audit process which has recently been updated and up scaled to make it more rigorous. This externally audited process is designed and owned by the DMA but executed by DQM GRC. DQM GRC is an independent third party auditor with specialist knowledge in data governance, risk mitigation, data compliance and advisory service. As part of the audit process, the independent assessors reviewed our complete approach to key data issues such as:
- Supplier and client relationships and contract
- Consent, privacy, security, age, engagement of data
- Suppression policies
- Retention policy
- Staff training
- Selection, extraction and delivery of data
DBS Data are able to consult, audit and train to meet the requirements of DPA 1998, PECR, ICO Guidance and GDPR. This includes the following:-
- Data capture points, FPN’s and privacy policies and how well suited they are to their proposed use of data
- Age of customer and inquirer data and retention policies
- Database protocols, governance and security
- DP info held against each record (original consent date and statement, dates of engagement, consented uses and categories
- Suppression policies and processes
- DP security
- Use of 3rd party data
Ethical Data Policy
We have a duty to protect our audience and that means not just being compliant but also going further. We also have an ethical data policy that ensures that our audience remains engaged with truly targeted, relevant and timely communications. Our ethical data policy states the following:
- Exclusion of individuals aged 75+
- No offers can be deemed a nuisance, including but not limited to PPI, Pension pot, time-share, loan decline/sub-prime, payday loans, hearing aid, smoking, gambling
- Mail piece, email copy, phone script must be approved for EVERY campaign. For intermediaries/resellers indicative copy may be acceptable dependent up how established the relationship with their client is.
Data Collection Policy
Data Retention Policy
DBS retain data subject’s details for as long as they are valid, accurate and up to date or until such time that a data subject chooses to unsubscribe directly with us or via one of our partners who are making use of their details provided by us. We maintain regular contact and we ensure that data subjects have the opportunity to opt out at least once every six months.
- A contributor (or a client) requests it be suppressed (actioned within 7 days of request)
- Processing determines the record to be inaccurate
- Marketing activity determines the record to be invalid
- The record matches to a DBS suppression file
- The data subject requests (by any means) that their details be suppressed (actioned within 7 days of request)
- No offers (opportunities to opt-out) have been sent to the data subject for six consecutive months
Data Subject Access Requests (DSARs) & Opting Out
DBS aim to respond to DSARs within two working days and in most cases within one working day. Data subject requests (by any means) that their details be deleted/removed/suppressed are actioned within 7 days of a request. Regardless of whether we hold a data subject details we are pleased to add them to our suppression files (Remove my details) to ensure that we do not make use of them now or in the future should they so choose. Further, we assist data subjects should they wish to be removed from other industry lists.
Applicable Legislation, Directives, Guidelines and Codes of Practice
Read for yourself the various guidelines and policies that are important to know when you use B2C and B2B data
Other useful data compliance links include:-