For most business leaders, privacy compliance has shifted from being an afterthought to an absolute necessity. Data is increasingly being used to fuel critical go-to-market functions, while at the same time, consumer privacy laws are strengthening around the world.
It’s crucial that every data vendor in your tech stack is compliant with both local and global privacy laws. Working with a non-compliant data vendor runs the risk of serious fines, negative publicity, and being forced to rebuild your database from scratch. To put it simply, their risk is your risk.
To properly evaluate a vendor for compliance, you may be wondering, “Where do I even begin?” We’ve outlined four steps you can take to assess a data vendor’s commitment to privacy.
Define the Categories that Matter to You
To gauge how seriously a vendor takes privacy, simply reviewing the company’s privacy policy isn’t going to cut it anymore. It’s important to define the categories on which to base your evaluation. To do this, focus on the compliance, privacy, and security standards of each provider.
These three related terms are often misconstrued. Here’s a quick definition:
- Compliance: Meeting established guidelines or specifications (e.g., compliance with security or privacy standards).
- Privacy: The right that defines the appropriate uses and governance of an individual’s personal information.
- Security: The act of protecting data from unauthorized access and potential breaches. Security measures are used to maintain privacy.
Here are categories to consider for assessing each vendor for compliance, privacy, and security:
- Privacy Compliance
- Product Security
- Data Security
- Incident Management & Response
- Availability & Reliability
- Organizational Security
- Business Continuity
- Infrastructure
- Threat Management
- Subprocessors
Review the Vendor’s Certifications
Once you’ve identified the important categories for your needs, review the notable certifications or achievements for each company in each category. It’s important to remember that some certifications are harder to achieve than others.
“The certifications that require a significant investment of time and money are what separate truly compliant B2B data vendors from everyone else,” ZoomInfo privacy compliance officer Al Raymond says.
For example, ISO 27701 certification provides an international standard for companies to establish, implement, maintain, and continually improve their Privacy Information Management Systems (PIMS). It can be a lengthy, involved, and costly process, but it’s one of the best-known certifications around the world when it comes to managing information security.
Prepare a List of Privacy Questions
Once you’ve identified a list of potential vendors that meet your category and certification standards, you’ll want to assess their level of compliance in more detail. Make sure each vendor answers these important privacy-related questions:
- What does your privacy policy say about your use of data?
- How is the data in your database collected, processed, and stored?
- Do you provide data collection notices to all data subjects?
- If applicable, is your platform compliant with CCPA/GDPR?
- Is your business making significant internal investments in a privacy compliance team?
- How do you continuously improve your compliance standards each year?
- What is your stance on data ethics?
There will most likely be other company-specific questions you’ll want to ask. Be sure to coordinate your list with your internal privacy compliance team.
Use TrustPage to Compare Different Vendors
As a B2B data vendor, ZoomInfo receives countless questions and requests about our privacy compliance practices. We created the ZoomInfo Trust Center to provide easy access to our compliance-related certifications, policies, and other safeguards we’ve put in place.
Other companies have their own privacy centers. One of the simplest ways to compare B2B data vendors on privacy compliance is with a tool like TrustPage. Its side-by-side view of the certifications, policies, and safeguards, of vendors makes it easy to compare how each company prioritizes privacy compliance.
Check out this video to see TrustPage in action:
Privacy compliance will continue to be a top priority for businesses everywhere — especially for those relying on data to drive sales and marketing activities. When choosing a B2B data provider, it’s important to do your research and thoroughly vet providers to avoid bigger challenges and unwelcome surprises down the road.
Learn more about ZoomInfo’s data collection practices.