Data compliance and protection is at the heart of everything we do at DBS Data.
All of our data is GDPR, PECR & DPA compliant and within The DMA (Direct Marketing Association) and ICO (Information Commisioner’s Office) guidelines.
We are recognised by The DMA as being fully compliant with The DMA’s Data Compliance Audit process which has recently been updated and up scaled to make it more rigorous. This externally audited process is designed and owned by the DMA but executed by DQM GRC. DQM GRC is an independent third party auditor with specialist knowledge in data governance, risk mitigation, data compliance and advisory service. As part of the audit process, the independent assessors reviewed our complete approach to key data issues such as:
- Supplier and client relationships and contracts
- Consent, privacy, security, age, engagement of data
- Suppression policy
- Retention policy
- Staff training
- Selection, extraction and delivery of data
Our Ethical Data Policy
We have a duty to protect our audience and that means not just being compliant but also going further. We also have an ethical data policy that ensures that our audience remains engaged with truly targeted, relevant and timely communications. Our ethical data policy states the following:
- Exclusion of individuals aged 75+
- No offers can be deemed a nuisance, including but not limited to PPI, Pension pot, time-share, loan decline/sub-prime, payday loans, hearing aid, smoking, gambling
- Mail piece, email copy, phone script must be approved for EVERY campaign. For intermediaries/resellers indicative copy may be acceptable dependent up how established the relationship with their client is.
Our Data Collection Policy
Our Data Retention Policy
DBS retain data subject’s details for as long as they are valid, accurate and up to date or until such time that a data subject chooses to unsubscribe directly with us or via one of our partners who are making use of their details provided by us. We maintain regular contact and we ensure that data subjects have the opportunity to opt out at least once every six months.
Our Suppression Policy
- A contributor (or a client) requests it be suppressed (actioned within 7 days of request)
- Processing determines the record to be inaccurate
- Marketing activity determines the record to be invalid
- The record matches to a DBS suppression file
- The data subject requests (by any means) that their details be suppressed (actioned within 7 days of request)
- No offers (opportunities to opt-out) have been sent to the data subject for six consecutive months
Data Subject Access Requests (DSARs) & Opting Out
DBS aim to respond to DSARs within two working days and in most cases within one working day. Data subject requests (by any means) that their details be deleted/removed/suppressed are actioned within 7 days of a request. Regardless of whether we hold a data subject details we are pleased to add them to our suppression files (Remove my details) to ensure that we do not make use of them now or in the future should they so choose. Further, we assist data subjects should they wish to be removed from other industry lists.
Applicable Legislation, Directives, Guidelines and Codes of Practice
Other useful data compliance links include:-