Fifth Square are a data regulatory consultancy who believe that every individual deserves to have their personal data treated with respect. With over 20 years’ experience in IT and Business consultancy, Fifth Square have been working with Gungho to achieve a safe and secure Data Privacy environment for 3 years and were appointed as the voluntary Data Protection Officer in 2022.
Gungho’s dedicated Data Protection Officer and Fifth Square Founder, Simon Ghent, is an ANSI/ISO trained Certified Information Privacy Professional/Europe (CIPP/E). He is trained in Information Privacy Professional/Management (CIPM) and is certified as a Cyber Essentials Assessor and Certification Body through IASME. We spoke to Simon about his experience in the data protection space, how Gungho’s practices measure up and the future of Data Protection.
What is the role of a Data Protection Officer?
It’s a regulated role as defined within GDPR. The purpose of the role is to make sure that we are upholding the rights and freedoms of data subjects ensuring that we’ve got the legal basis to process data and that we have respect for the rights of the people that we’re contacting. That also includes ensuring that companies are regularly trained on data protection and data security. Data Protection Officers make sure that the systems in place are fit for purpose and that data is held as securely as possible.
How would you compare Gungho’s dataset to those of generalist marketing companies?
Gungho have got the insight and the knowledge of a database that has been built up in-house over many years. It’s constantly updated to ensure that it’s relevant and that enables us to target client audiences very accurately, which obviously improves the opportunities. It also reduces the risk for the client because they have confidence in the source of the data and how it’s protected.
There are a lot of companies that just do what’s called screen scraping, where they’re harvesting huge amounts of data, they’re not filtering it or qualifying it at all. As a result, the data isn’t qualitative, it’ll be very old, often inaccurate data. Companies can buy these huge databases, but they are not going to help with successful lead generation.
The Gungho dataset is used and filtered by 140+ staff on a daily basis creating over 50,000 data points a week. This data is what is referred to as ‘clean’ data. It is accurate and I think that is a huge part of Gungho’s success.
How do Gungho train their team to ensure that all staff understand GDPR and data protection?
I work closely with Charlotte, our Learning and Development Manager, and we have an online L&D platform that is used during onboarding of new members of staff. They receive mandatory training at induction and then we have an annual refresher programme. There are four levels of training, depending on company role. Staff also receive a monthly e-mail which updates them on the latest data protection and GDPR developments. We promote regular, bitesize training as that’s most effective in terms of embedding the learning.
How do Gungho deal with DSAR? (Data Subject Access Request)
These are very common in today’s world, which is completely understandable. People want to know what data is held in any dataset and why. Uniquely within the marketing vertical, I would say Gungho are leading the way, certainly among many other organisations operating in similar spaces. Gungho have a very clear escalation process. As soon as somebody questions where their data has come from, it gets escalated up to the data team where we then confirm where we’ve got the data from, whether that be LinkedIn, Zoom, or one of our other sources. Once we know the exact source, we send an e-mail, typically within 24 hours, to the person that’s requested the information.
If it’s a full DSAR, which means that they want more complex information, our escalation process dictates that we reply within 30 days. Following that, they are invited to uphold the rest of their data protection rights, which may include us removing their data from our database. Having a clean dataset is very important to us. We ensure that we’re only contacting people that want to be contacted.
How serious is data protection and how seriously do Gungho take it as a business?
Extremely seriously. Out of all of my clients, I would probably say that Gungho are in the top 10%. From a corporate social responsibility perspective, the way that companies handle data has become more important. Data protection has been around since the Human Rights Act and the first Data Protection Act were initiated back in the 90s, however, data protection is now increasingly important because so much data is available about us as individuals.
The repercussion of getting things wrong is huge, the ICO could fine us up to 4% of our worldwide turnover, which obviously would have a huge impact but really the bigger threat is always reputational damage.
Do you find that some companies don’t take it seriously?
Oh, absolutely. Because data protection is risk-based, some companies will say, ‘OK, well, we’re going to take the risk.’ Some companies constantly get fined, Facebook being one for example. Some organisations swallow the fines within their turnover, so that’s one end of the scale. Then you’ve got the other end of the scale, some companies I deal with view security and protection as one of the highest priorities for them. Gungho is at that end of the scale. It’s really lovely to be involved with a board that prioritise data protection and security.
How confident are you in the way in which Gungho protects their clients, brands and reputation?
Working within the field of marketing you have to be pragmatic because we want results for our clients. However, I believe that Gungho have got the balance right when it comes to protecting their client’s brands because fundamentally we’re not transferring any data to our clients until we’ve actually got a lead for them. When we contact prospects, we say we’re calling on behalf of a particular brand. We’re identifying that we are not the brand and are as open and transparent as we can be.
What’s in store for the future of data protection?
Data protection is going to become more and more important to brands because the regulatory environment is going to change dramatically over the next five years. For example, there are a number of significant changes following Brexit. The UK Government have made it clear that we’ll have additional legislation and countries around the world are constantly adopting new legislation when it comes to data protection. We have to recognise that we are in a data economy now, that’s the next industrial revolution so legislation is bound to increase. The other big change within data protection is artificial intelligence which will have a huge impact.
With all the Data Protection changes expected, should companies be concerned about their liability?
For companies working with Gungho, we take a lot of that burden away. We operate under the Data Protection Act and the regulations within the countries that we operate. Everything that we do is logged, tracked and actioned very quickly. We also have the Privacy and Electronic Communications Regulations, which dictates what we can do from a marketing perspective.
People are becoming more and more aware of their data protection rights and as a result, we take all of that concern away for our clients. We’re able to use our knowledge and skill in the data protection environment to de-risk our clients so that they can focus on their business.