Melissa, a leading provider of global contact data quality and identity verification solutions, today announced highlights of its new research showing U.S. companies are still unprepared for the E.U.’s General Data Protection Regulation (GDPR). NAPCO Research and Melissa surveyed U.S. companies with annual revenue greater than $10 million regarding their understanding of and preparedness for GDPR, uncovering two areas where companies are significantly exposed to legal risk by these new regulations. Penalties go into effect on May 25, 2018, and non-compliant organizations risk triggering fines up to €20 million or 4 percent of global revenue, whichever is higher.
Survey results demonstrate that most U.S. companies do not adequately understand the challenges of GDPR, particularly the “right to be forgotten,” guaranteed by Article 17 of the new regulation. Companies also have a false sense of security that their current single customer view (SCV) platforms such as customer relationship management (CRM), customer information file (CIF) and master data management (MDM) customer hubs will be adequate for GDPR compliance. In reality, the strict fuzzy record matching configurations of current SCV platforms were not designed to meet the looser fuzzy match requirements of GDPR. Detailed insights on the NAPCO Research and Melissa survey are featured in the current issue of Melissa Magazine, downloadable here. The survey report includes guidance on strategies to address these GDPR risks, including empowering an individual to oversee GDPR compliance, conducting a GDPR Right to Erasure Risk Audit, and auditing various SCV platforms for their ability to locate all versions of any E.U. resident’s record quickly and thoroughly.
“Embracing the smart data tools and support that are right for your enterprise is not a static commitment. GDPR turns some common data quality concepts on their head, and the scope of the danger may catch more than a few enterprises by surprise,” said Ray Melissa, president and CEO, Melissa. “Melissa continually works to expand the role of enterprise data quality worldwide, and our GDPR research demonstrates the critical nature of this effort.”
Before GDPR, false-negative match errors could be dismissed as minor mistakes with limited negative business impact, such as a customer or prospect receiving duplicate marketing messages, or creating a slight skew in analytics. And yet, a full 40 percent of respondents reported that they do not even track these errors. That false sense of security is leading U.S. marketers to underinvest in GDPR compliance initiatives. “More than 70 percent of our respondents either did not know what their company was allocating towards GDPR compliance, or said no specific GDPR budget had been established. Another 13 percent are allocating less than $1 million to these efforts. Overall, only 14 percent are allocating more than $1 million to GDPR compliance. These figures drive home the significance of the blind spot companies have to their GDPR compliance risks,” added Melissa.
In addition to the jeopardy of undocumented false-negative errors, companies can’t erase what they can’t find. This is a critical factor in meeting the GDPR ruling, which requires companies to reliably find all of a customer’s or prospect’s data regardless of variations and data quality errors in name, address, email, phone number and other traditional record match attributes.