Home > Our Compliance

Our Compliance

Data compliance and protection is at the heart of everything we do at DBS Data.

Please take a moment to watch this short video about what we might do with your details.

All of our data is GDPR, PECR & DPA compliant and within The DMA (Direct Marketing Association) and ICO (Information Commisioner’s Office) guidelines.

We are recognised by The DMA as being fully compliant with The DMA’s Data Compliance Audit process which has recently been updated and up scaled to make it more rigorous. This externally audited process is designed and owned by the DMA but executed by DQM GRC. DQM GRC is an independent third party auditor with specialist knowledge in data governance, risk mitigation, data compliance and advisory service. As part of the audit process, the independent assessors reviewed our complete approach to key data issues such as:

Supplier and client relationships and contracts
Consent, privacy, security, age, engagement of data
Suppression policy
Retention policy
Staff training
Selection, extraction and delivery of data

Our Ethical Data Policy

We have a duty to protect our audience and that means not just being compliant but also going further. We also have an ethical data policy that ensures that our audience remains engaged with truly targeted, relevant and timely communications. Our ethical data policy states the following:

Exclusion of individuals aged 75+
No offers can be deemed a nuisance, including but not limited to PPI, Pension pot, time-share, loan decline/sub-prime, payday loans, hearing aid, smoking, gambling
Mail piece, email copy, phone script must be approved for EVERY campaign. For intermediaries/resellers indicative copy may be acceptable dependent up how established the relationship with their client is.

Our Data Collection Policy

DBS Data collects data from a variety of sources from the public domain such as The Electoral Roll, Companies House and Land Registry, and from consented online and offline lead generation and surveys. Our contributors of consented data collect permissioned data compliant with all applicable laws, regulations and guidelines surrounding the use of third party data and in accordance with this example consent statement, privacy policy and terms & conditions.

Our Data Retention Policy

DBS retain data subject’s details for as long as they are valid, accurate and up to date or until such time that a data subject chooses to unsubscribe directly with us or via one of our partners who are making use of their details provided by us. We maintain regular contact and we ensure that data subjects have the opportunity to opt out at least once every six months.

Our Suppression Policy

A contributor (or a client) requests it be suppressed (actioned within 7 days of request)
Processing determines the record to be inaccurate
Marketing activity determines the record to be invalid
The record matches to a DBS suppression file
The data subject requests (by any means) that their details be suppressed (actioned within 7 days of request)
No offers (opportunities to opt-out) have been sent to the data subject for six consecutive months

Data Subject Access Requests (DSARs) & Opting Out

DBS aim to respond to DSARs within two working days and in most cases within one working day. Data subject requests (by any means) that their details be deleted/removed/suppressed are actioned within 7 days of a request. Regardless of whether we hold a data subject details we are pleased to add them to our suppression files (Remove my details) to ensure that we do not make use of them now or in the future should they so choose. Further, we assist data subjects should they wish to be removed from other industry lists.