• Michael Hudson

GDPR Knowledge Series Part 2

Are You Handicapping Your Database for GDPR?


The General Data Protection Regulation (GDPR) in the European Union (EU) was a seismic change to data protection law to companies domiciled in or operating in the 27 countries of the EU. In this series of articles, we will cover key tenets of GDPR and what you need to understand to avoid being caught in its potentially expensive legal net. You can see the first article in this series here: Data Processors vs. Data Controllers and Knowing the Difference

To be clear, the scope of GDPR is for data held and managed on EU residents in EU member countries (not citizens). GDPR, like any complex legislation, has produced a huge amount of confusion and ambiguity around what a company’s obligations are with respect to GDPR.

Data Controllers (aka end user companies) are making a fundamental mistake in how they manage their contact databases. Because they have not been able to separate GDPR subject contacts from non-GDPR subject contacts, they have been forced to treat all contacts as subject to GDPR at potentially severe cost to their outbound marketing efforts.

In this second article in the series we will focus on best practices on how to handle your contact databases to comply with GDPR.

EU Residents vs. EU Citizens

This first mistake companies are making is misunderstanding who is actually covered by GDPR. A common misconception is that GDPR applies to EU Citizens. Wrong!

GDPR applies to EU Residents. For example:

  • A U.S. citizen living and working in Paris is subject to GDPR

  • A French citizen living and working in New York is not subject to GDPR

As you can see, GDPR is determined on where a contact is currently residing, not citizenship. This distinction makes a huge difference in how you maintain opt-in requirements for your contact database. Knowing the working location of contacts to a high degree of accuracy is key to determining which contacts are subject to GDPR and which aren’t.

Poor contact data comes back to haunt marketers

For anyone who has every worked with account and contact records in systems like Salesforce knows that sales reps and marketing people are notoriously bad at maintaining the records and in particular – the contact record. Sales reps will typically maintain the following fields for contacts:

  • Name

  • Phone numbers

  • Email

  • Job Title

  • LinkedIn profile URL (maybe)

However, very few sales reps or marketing ops teams make a serious effort to enter or append the address and location data for a contact and it is this omission that has resulted in the challenges with identifying contacts that are subject to GDPR.

An example we like to cite includes a company we know that had a contact database of 900,000 contacts.

  • Because they could not identify the GDPR liable contact (estimated at 20% or 180,000), they chose to scrub their entire database by sending a new Opt-In message to every contact. The irony is, of course, that the company wound up spamming all of their 900,000 contacts in order to get permission to send them further communications.

  • The bounce rate of this email was 22% so they scrubbed those contacts (for the wrong reasons).

  • Of the remaining 78% (702,000), 75% chose to Opt-out (526,000) of which only 20% (105,000) were possible EU residents.

  • As a result, the company eliminated about 400,000 contacts from their database! These were contacts that they could have continued to nurture through various campaigns.

  • They essentially lost 44% of their non-EU, highly marketable contacts simply due to not knowing how to filter out the GDPR distinctions.


Marketers shouldn’t have to handicap their marketing databases simply because they haven’t chosen or been able to add contact location data to their contact records. Here are a few tips and best practices to be aware of when looking for data quality vendors to help you sort through your GDPR compliance:

  • Beware any data vendor that offers “GDPR Opt-in” contact data – that is impossible

  • Locate a vendor to scrub your database and append the contacts location to the contact record such as this service: https://www.contactpersona.io/contactpersonaod

  • Create a flag in the CRM contact record called Subject to GDPR and give it a Yes/No value. When you are appending contact locations also update this field to Yes for contacts that are located in EU countries

  • Segment your marketing and email nurturing lists using the GDPR Yes/No flag and configure your regulatory controls accordingly

  • Modify your user guidelines to encourage sales reps and other CRM users to add the contact location for each contact they enter in order that they can benefit from marketing campaigns later on.

  • If that proves difficult to enforce, user a vendor or service that can continuously append and validate data in CRM systems after initial data entry such as: https://www.contactpersona.io/datapersona

The prior neglect of contact location data will create some challenges but can be solved using the right tools to update the initial database and then maintain an ongoing process to ensure that the contact location is continuously appended for contacts entered later.

About Contact Persona LLC

Contact Persona is a specialist data quality service vendor with multiple offerings covering CRM data quality, inbound lead processing, custom curated database building and field event solutions. Our approach is consultative in nature and we provide input and our professional advice with all our offerings. Check out our data scrubbing solutions at: https://www.contactpersona.io/solutions

#GDPR #DataQuality #Compliance


Recent Posts

See All