Openprise GDPR Compliance

Openprise provides fine-grained data filters and permission roles
Openprise provides fine-grained data filters and permission roles

Data automation vendor Openprise announced support for the EU General Data Protection Regulation (GDPR) which goes into effect on May 25th.  The new Openprise Data Orchestration Platform capabilities provide “visibility, control, and access management inside and outside of a company, without the added complexity of traditional compliance solutions.”

The GDPR specific functionality “controls the flow of EU data out of your company” via “fine-grained data filters and permission roles,” and flags leads and contacts which are subject to the GDPR even if the records lack country flags.  The firm performs checks based upon emails, IP addresses, phone numbers, and non-standardized country fields.  Both standard and custom fields in sales and marketing automation platforms are GDPR validated.  Openprise maintains an audit trail and logs records which have been processed by partners.

The firm noted a Catch-22 in GDPR regulations.  Enriching records that lack country designators may require enrichment from non-compliant datasets, violating the law.  By utilizing data from within the record (e.g. domain, phone numbers), Openprise avoids violating the law in order to support the law.

“The vast majority of US-based companies are woefully unprepared for GDPR, and this new set of regulations has teeth.  We’ve heard from our customers that they want a central control point to help maintain compliance with GDPR.  Openprise’s position in the MarTech stack as the conductor that manages the movement and processing of data across systems puts it in a unique position to serve as this control point.”

  • Openprise CEO Ed King

The GDPR is broadly written to cover data held by non-EU companies, even those without operations or sales staff within the EU.  Penalties can be quite high, reaching up to 4% of revenue or €20 million, whichever is greater.

“What’s so critical about GDPR is that it affects companies everywhere in the world, whether they have a presence in the EU or not, and unlike many other regulations, this one has teeth,” says Allen Pogorzelski, vice president of marketing at Openprise. “If you’ve got EU citizen data in your databases, you’re subject to GDPR regulations. U.S. companies that ignore these regulations do so at their own peril.”

This summer, Openprise launched a Data Marketplace to assist with ingesting and normalizing third-party B2B and B2C data.  Amongst the platforms supported are Salesforce, Marketo, Eloqua, and Pardot.  The Data Marketplace, part of the Openprise Data Orchestration platform, includes built-in rules to ensure data are properly onboarded.  B2B Partners include Zoominfo, InsideView, Orb Intelligence, Synthio, Salesgenie, and Dun & Bradstreet.

Are you ready for EU GDPR Compliance?

On May 25, 2018 the EU General Data Protection Regulation (GDPR) goes into effect, creating data privacy and security concerns for firms both inside and outside of the EU.  The GDPR covers both companies that provide goods and services to EU residents and those that are part of the value chain.  The regulation covers all individuals domiciled within the EU, regardless of where the company is headquartered.

According to Forrester, the regulation has five key requirements:

  • If a firm has “regular, systemic collection or storage of sensitive data,” they need to hire or designate a Data Protection Officer (DPO).  The function may be filled by individuals with legal, privacy, security, marketing, or customer experience.  The International Association of Privacy Professionals (IAPP) estimates that the regulation will require 30,000 privacy officers.  The DPO will need to work with security leaders with respect to identity and access management (IAM) and encryption.  They will also be involved in purchasing decisions around CRM, analytics, and other platforms.
  • Should a data breach occur, firms have a-72 hour window for reporting breach details to the authorities and customers.  The window begins as soon as the breach is detected.
  • Privacy must be built into any new projects with a “Privacy-by-design” philosophy.  Forrester stated that “sustained collaboration between teams will be critical, so firms will have to establish new processes to encourage, enforce, and oversee it.” For example, privacy officers will need to review business requirements and development plans related to new apps.
  • Extraterritoriality places requirements on firms outside of the EU, making it a global requirement.  Forrester notes that “a US-based data aggregator that collects and resells EU customers’ data to other business partners will need to comply fully with GDPR requirements, rather than simply meeting international data transfer rules.”
  • Firms will be responsible not only for securing data but providing evidence that they have implemented appropriate risk mitigation.  Thus, a firm can be held in violation even if they have not had customer complaints or data breaches.

US companies are still obligated to comply with the 2016 Privacy Shield agreement between the US and EU.  Forrester also warned UK firms to comply with the GDPR as lowering British privacy standards would only serve to complicate UK-EU data transfer rules post Brexit.

Forrester suggested that firms take a cost-benefit analysis to data instead of simply storing everything:

“Firms will learn to better assess the costs and benefits of records they process, store, and protect. They will progressively focus on collecting, buying, processing, storing, and protecting only the data that offers them the most value and will kill the rest.”

Forrester also suggested that privacy should be part of a firm’s DNA and some firms will integrate privacy into brand perception and the customer experience, providing a basis for competitive advantage.

Osterman Research conducted a survey of mid to large companies subject to the law to identify technology expenditure increases for GDPR compliance.

GDPR compliance expenditure increases (January 2017)
GDPR compliance expenditure increases (January 2017)

GDPR non-compliance costs are potentially very high with penalties up to the greater of €20 million or 4% of total worldwide annual turnover of the preceding financial year.