Are you ready for EU GDPR Compliance?

On May 25, 2018 the EU General Data Protection Regulation (GDPR) goes into effect, creating data privacy and security concerns for firms both inside and outside of the EU.  The GDPR covers both companies that provide goods and services to EU residents and those that are part of the value chain.  The regulation covers all individuals domiciled within the EU, regardless of where the company is headquartered.

According to Forrester, the regulation has five key requirements:

  • If a firm has “regular, systemic collection or storage of sensitive data,” they need to hire or designate a Data Protection Officer (DPO).  The function may be filled by individuals with legal, privacy, security, marketing, or customer experience.  The International Association of Privacy Professionals (IAPP) estimates that the regulation will require 30,000 privacy officers.  The DPO will need to work with security leaders with respect to identity and access management (IAM) and encryption.  They will also be involved in purchasing decisions around CRM, analytics, and other platforms.
  • Should a data breach occur, firms have a 72-hour window for reporting breach details to the authorities and customers.  The window begins as soon as the breach is detected.
  • Privacy must be built into any new projects with a “Privacy-by-design” philosophy.  Forrester stated that “sustained collaboration between teams will be critical, so firms will have to establish new processes to encourage, enforce, and oversee it.” For example, privacy officers will need to review business requirements and development plans related to new apps.
  • Extraterritoriality places requirements on firms outside of the EU, making it a global requirement.  Forrester notes that “a US-based data aggregator that collects and resells EU customers’ data to other business partners will need to comply fully with GDPR requirements, rather than simply meeting international data transfer rules.”
  • Firms will be responsible not only for securing data but providing evidence that they have implemented appropriate risk mitigation.  Thus, a firm can be held in violation even if they have not had customer complaints or data breaches.

US companies are still obligated to comply with the 2016 Privacy Shield agreement between the US and EU.  Forrester also warned UK firms to comply with the GDPR as lowering British privacy standards would only serve to complicate UK-EU data transfer rules post Brexit.

Forrester suggested that firms apply a cost-benefit analysis to data instead of simply storing everything:

“Firms will learn to better assess the costs and benefits of records they process, store, and protect. They will progressively focus on collecting, buying, processing, storing, and protecting only the data that offers them the most value and will kill the rest.”

Forrester also suggested that privacy should be part of a firm’s DNA and some firms will integrate privacy into brand perception and the customer experience, providing a basis for competitive advantage.

Osterman Research conducted a survey of mid to large companies subject to the law to identify technology expenditure increases for GDPR compliance.

GDPR compliance expenditure increases (January 2017)

GDPR non-compliance costs are potentially very high with penalties up to the greater of €20 million or 4% of total worldwide annual turnover of the preceding financial year.

Orbis: Analysis of Global Financial Disclosure Rates

Orbis Coverage Table

I came across an interesting analysis of financial disclosure rates by regions around the world.  The blog, written by Mark Bodnar, a librarian at Simon Fraser University (British Columbia), observed limited financial disclosure in North America and much of AsiaPac, but broader financial availability in Europe.

Of the 18 million North American companies covered, only about 35,000 have detailed financials.  That’s about 0.19%. Those would be from the relatively rare cohort of publicly traded companies we mentioned earlier.  The other 99.81% of the companies are privately held, and in North America that means that they are under almost no obligation to reveal their financials.

Compare that to Western Europe, where about 10 million of their 30 million companies in the database have detailed financials…

Oceania (incorporating AUS, NZ, and many wonderful island nations) is also down around 0.2%, largely because there are detailed financials for only about 0.15% of the companies based in the biggest country in the region, Australia.

While none of this would be a surprise to people in the business information sector, it was a good way to surface the information for students and non-experts.  European countries have a long history of requiring non-public (aka non-quoted or non-listed) companies to publicly file annual returns.  The depth of filing varies by country and size of company, but Europe has a deep set of financials available to assist with credit and supplier risk analysis, prospecting, company research, KYC/AML, and market analytics.

In the US, disclosure is limited to public companies, non-profits, and financial services companies.  Of these, only public company financials, which are filed via EDGAR (SEC), are fully transparent with few accessing state insurance filings, IRS 990 filings (non-profits), or the FDIC (banks).

I would take the author’s analysis of countries with deepest coverage of financials with a grain of salt.  It is likely that many of the countries with the highest disclosure rates have limited coverage of companies not subject to financial disclosure.  Furthermore, some of the filing regimes do not require financials for smaller companies.

DueDil KYC for Business

UK business information vendor DueDil partnered with CallCredit Information Group for an enhanced KYC (Know Your Customer) service.  The new API service provides real-time access to company, director, and beneficial ownership data to expedite onboarding and financial compliance.

“This service provides a one-stop-shop for a business’s identification and verification needs,” said Alan Golob, CallCredit Data Solutions Director.  “By combining Callcredit’s data, industry knowledge and first line support capabilities with DueDil’s data and development expertise, we’ve created a service that will fully integrate into a client’s system or work as a standalone tool.  Advancements in regulatory requirements have caused many businesses to reassess their processes and checks, and this solution answers this need.”

DueDil covers forty million European companies across nine countries with plans to expand across all of Europe.

“Compliance is not only a regulatory requirement, it is the heart of every resilient business,” said DueDil CEO Damian Kimmelman.  “This can only be achieved by having a true and comprehensive profile of the customers that you are dealing with. Customers of our new service will have the comfort of knowing that they can make KYC checks in a simple, automated way through a platform which is underpinned by one of Europe’s largest company information sources.  Enhanced due diligence checks should form part of a balanced risk-based approach and can help organisations assess customers and meet regulatory requirements.”

DueDil: New Chairman, Expanded Coverage

DueDil Group Graph for Spotify

DueDil, which provides financial research and sales intelligence services for the UK and Europe, named Alan Millard as its Chairman.  Millard is a consultant for the Table Group and has worked with CEOs and executives at IBM, JP Morgan, Deutsche Bank, Standard Chartered Bank, SABmiller, and GSK.  Previously, Millard was the COO at Hiscox UK and CEO of its subsidiary Hiscox Underwriting.

“Alan is helping us transition from a founder led team to an executive led organization,” said DueDil founder and CEO Damian Kimmelman.  “He brings with him the eye of the customer which is so critical as we scale. I am honoured to have him on board guiding our global ambitions.”

DueDil recently expanded its database beyond the UK and Ireland to provide company coverage of France, Germany, Benelux, and the Nordics.  However, they are already talking about a true global dataset to rival Dun & Bradstreet and Bureau van Dijk.  By the end of the year, they expect to offer pan-European coverage and begin to extend their reach to additional global markets.  Thus, their database will grow from 11 million companies at the beginning of the year to 40 million companies in March and 100 million by the end of the year.  Their goal is to be the “largest source of private company information in the world,” said COO Justin Fitzpatrick.

“A more open business world is essential to global growth and prosperity. DueDil is already the largest and richest source of private company information in the U.K., and one of the largest in Europe. We are on an incredible journey to cover over 200 million companies globally by the end of 2018. I am excited to be part of a company that genuinely improves the business landscape and encourages growth and trade,” said Millard.

“Our mission at DueDil is to create the largest source of private company information to help businesses to find opportunity and mitigate risk,” stated DueDil CRO Pierre Berlin at DueDil’s recent Spotlight user conference.  “We help businesses in the digital transformation.  Leveraging it by transforming the business relationship with the key stakeholder in the organization.  Our value proposition at DueDil is to make your business more agile [and] resilient, by providing access to the richest information on the company that matters to you.”

According to Fitzpatrick, DueDil will accomplish their mission via superior data, new insight, and automation.

Along with expanded geographic coverage, DueDil is extending its Know Your Customer (KYC) checks to include beneficial ownership, UK Financial Conduct Authority (FCA) registration data, and adverse media coverage.  According to the FCA, it “regulates and supervises the conduct of more than 50,000 firms in the UK that provide financial products and services to both UK and international customers.”

In March, DueDil also announced an upgraded API that supports a host of functions including opportunity identification, risk mitigation, auto-populating sign up forms, data enrichment, and verifying credentials during customer onboarding.

The API also supports a new partnership with consumer information vendor CallCredit.  The partners “will offer an integrated solution for verifying a business and the people who run it,” said DueDil Product Marketing Manager Sam Hockley.  Initially the consumer information will only be available via the DueDil API.

Coincidentally, Dun & Bradstreet announced a Beneficial Ownership product a few weeks ago.

Sparklane €4m Funding Round

Sparklane Lead Scoring

Sparklane, which describes itself as “a publisher of sales intelligence SAAS solutions,” announced that it received a €4m funding round from XAnge and Entrepreneur Venture Investment Fund.  The round raised its total funding to €7m.  XAnge also participated in Sparklane’s previous funding round.

“We were won over by Sparklane’s disruptive positioning and the impressive performance of its management team, prompting us to offer them our renewed support as we participate in this fundraising initiative alongside Entrepreneur Venture,” stated Guilhem de Vregille, Deputy Director of XAnge.

The round allows Sparklane to continue its European expansion.  The French company established itself in the UK in 2016 and is currently eyeing the German market.  The funding will also be directed towards expanding its artificial intelligence capabilities, and growth in their sales and R&D teams.

According to Chairman Frédéric Pichard, the funding round is a “real vote of confidence,” in the company.  “Our goal remains the same: to help marketing and sales people identify their future customers more quickly using Artificial Intelligence.”

Sparklane offers predictive lead scoring and prospecting tools for sales and marketing teams in the UK and France.  Their Predict platform processes client CRM data to define an Ideal Customer Profile (ICP), apply predictive lead scores, and identify look-a-like prospects.

Sparklane supports nearly 350 clients across banking, insurance, technology and business services.  The firm was listed in Deloitte’s 2016 EMEA Fast 500 list of technology companies with 265% revenue growth between 2012 and 2015 (three-year CAGR of 54%).

LeadGnome: EU-US Privacy Shield Certification

LeadGnome -- Mining Email for Leads

Account Based Intelligence vendor LeadGnome completed the EU-U.S. Privacy Shield certification process with the U.S. Department of Commerce.  The new process ensures that privacy is protected when personal data is transferred from the EU to the US.  The Privacy Shield process was implemented last summer after the previous Safe Harbour regime was invalidated by the European Court of Justice.

LeadGnome’s email reply service mines emails for intelligence such as left the company, out of office, change of position, change of name/email, and unsubscribe requests.  “LeadGnome is unique in its ability to mine the unstructured body of reply emails for account based intelligence.  It was, therefore, important to acquire EU-U.S. Privacy Shield certification to assure our customers of our commitment to the privacy of their data,” said Matt Benati, CEO of LeadGnome.

Because the firm collects emails, titles, and business phones, they did not have to go through the more stringent approval level for firms that store credit, payment, or personal data.  This helped expedite the approval process with the Department of Commerce.  As LeadGnome was already Safe Harbour compliant, the approval process was focused on conforming to changes between the Safe Harbour and Privacy Shield.  LeadGnome worked with the Better Business Bureau as a compliance partner and completed the process in about two months.  Benati believes the process will speed up as the certification backlog clears, but noted that his firm benefited from having Safe Harbour certification.

The LeadGnome platform is integrated with major CRMs and MAPs including Salesforce, HubSpot, Marketo and Oracle Cloud.

“LeadGnome is committed to data privacy and business transparency. We had already employed many of the required best practices, so the certification process was completed significantly ahead of schedule,” said Benati.

Other vendors that are Privacy Shield compliant include Dun & Bradstreet, Avention, Zoominfo, Infogroup, Salesforce, Microsoft, Oracle, SalesLoft, ReachForce, and Outreach.  The US International Trade Administration publishes a list of Privacy Shield compliant firms.

Sales Intelligence: US vs. UK

UK private company financials (source: Artesian Solutions)

The UK is the second largest market for sales intelligence services.  For US firms, the UK is usually either the second or third market (after Canada) which they support.  Thus, the UK market is served by both British (e.g. DueDil, Artesian Solutions, Bureau van Dijk) and American companies (e.g. Avention, Dun & Bradstreet, Factiva).

A key difference between the US and UK markets is the availability of UK private company data.  Approximately three million active UK firms are required to register with Companies House (the major exceptions are small businesses, partnerships, and public sector entities).  Large firms are required to provide full financials while mid-size firms may only be required to file a Balance Sheet or summary financials.  The smallest firms may simply be required to file a basic Annual Return with Director and Shareholder information and abbreviated accounts.

Along with annual financials, the UK filing regime requires statements concerning Directors and Shareholders (DASH); Mortgages, Charges, and County Court Judgments (MCCJ); and Gazette filings concerning receiverships and the winding down of businesses.  The net effect is a richer set of financial figures, superior intelligence concerning corporate families and ownership, a broad list of directors, and intelligence concerning cross-company director linkages.

There are some drawbacks to this system.  First, the filings for private companies are not filed until three quarters after the end of the financial year so one is generally looking at data that is three to seven quarters in arrears.  A company’s financial position can shift significantly during this time.  Of course, few companies in the US are required to make any kind of financial filings.

Second, statements may be filed from the offices of corporate secretaries, accountants, or corporate owners.  Thus, the registered address often differs from the actual “trading address”.  When evaluating UK sales intelligence tools, look for vendors that provide both registered and trading addresses.  You should also ask about the population of URLs and phone numbers.

In the UK, sales reps should be calling into the Trading Address (physical) location, not the Registered Address (legal). Make sure your Sales Intelligence service provides both.  (Source: Avention)

Third, while there is very good data concerning corporate linkages, including minority shareholdings, the data only goes to the subsidiary level.  But companies may have hundreds of operating locations not listed.  In the US, vendors capture all of these branch locations, but this intelligence is more limited in the UK.

Another problem with this regime is there is little focus on who is managing the organization.  While a few directors are listed, they may not be the people the sales rep will be calling into.  Thus, the sales intelligence vendors have been working to tie in marketing datasets which provide additional color (British translation: colour) including mid-level managers with emails, URLs, and phone numbers.

Finally, one is more likely to have turnover figures (US translation: revenue) in the UK than in the US.  Conversely, US vendors are more likely to have employee figures and modeled revenue figures.  As a result, the employee count is a better sizing metric when prospecting in the US and turnover is the superior prospecting metric in the UK.

I am currently working on the next edition of my Field Guide for Sales Intelligence Vendors.  One of the key additions to this year’s edition is the inclusion of three UK vendors: Artesian Solutions, Bureau van Dijk, and DueDil.  Avention, which also offers a strong UK product, was previously included.  The new edition will be available before the end of this year.  I am now taking pre-orders for the expanded guide with purchasers receiving the 2015 edition at no charge.