How does Intense Prospex adhere to GDPR / PECR?

The Intense Prospex team works hard to ensure that we remain in compliance for both the company's benefit as well as that of our customers. The Intense Prospex platform is more complex in the way that it handles data than most, so our compliance is similarly complicated.
 
Much of maintaining GDPR compliance as a vendor involves how we secure our data. In order to maintain a high bar of security we have completed the following:
Intense Prospex has achieved a SOC 2 and ISO 27001 security accreditation report. These accreditations evaluate Intense Prospex controls that are relevant to data security, availability, and confidentiality. To gain them, Intense Prospex needed to prove the success of our controls and their ability to maintain security, availability, and confidentiality over a predetermined span of time.
 
Intense Prospex has implemented advanced data controls, which include the encryption of all user data, which is designed to protect our customers’ data from leaks and malicious intent. The Intense Prospex team regularly tests our product to fix any potential problems and maintains the industry’s highest standards in information security.
 
Intense Prospex has built and follows data incident response processes. These processes are tested each year for continued effectiveness.
 
Intense Prospex built processes to supplement data recovery and integrity to help any customers whose data is lost or unintentionally corrupted.
 
Intense Prospex has systems in place to protect all customers' rights to their own data footprint in the platform.
 
Intense Prospex's key data sub-processors, such as Amazon Web Services (AWS) and Google Cloud Platform, all have achieved similarly high-level security standards (SOC 2 and/or ISO 27001 certifications, where possible) and have undergone rigorous security evaluations.
GDPR lays out different requirements for “Processors” and “Controllers” of data. In Intense Prospex's case, we operate as both a data controller and data processor since we help our users acquire data as a controller and communicate with prospects as a processor.
 
Intense Prospex's Adherence to GDPR / PECR as Data “Controllers”

As it stands, Intense Prospex is in compliance as a data controller by the standards contained in the GDPR. Intense Prospex manages the data we collect to ensure it is in compliance. We also view it as our responsibility to educate everyone who uses our data to keep them informed and prepared to use our data in a way that similarly keeps them in compliance.
 
Our users have the option of excluding citizens of member countries within the EU to help protect themselves against accidentally emailing someone they shouldn’t. This prevents our customers from having to comb through lists of prospects to double-check their own compliance while prospecting.
 
Intense Prospex customers that sell or market to EU citizens must be transparent in their intentions with any personal data that they collect and If they do send any form of communication, they must also provide the ability for people to opt out of any future messages.
 
Intense Prospex has the ability to enrich data pertaining to citizens of the EU should our users already possess their contact information. For example, if a user has the email address and name of an individual working for L’Oréal Paris, we have the ability to enrich title and company information. With that said, this ability is only applicable if the enrichment is for the purpose of data hygiene and cleanliness or if you have a good faith reason to believe that the recipient has a demonstrated interest in receiving the information or offer, such as information that would help them perform their job.
 
As data controllers, Intense Prospex maintains our own compliance and aids users with their own compliance, but Intense Prospex highly recommends that all of our customers familiarize themselves with the regulations and seek out additional support from privacy advisors if any questions remain.
 
Intense Prospex's Adherence to GDPR / PECR as Data “Processors”

Beyond the precautions and measures laid out above, Intense Prospex has completed and will undertake the following actions to maintain compliance as a data processor:
 
Working with our legal counsel (and when requested, those of our customers) to ensure full preparation and compliance.
 
Evaluating every use case within our platform to help back up every decision we make should they face legal scrutiny.
 
Crafting internal workflows to quickly and thoroughly complete data subject requests
 
Conducting an in-depth review of all requirements implications for data processors and where we may be a joint controller
 
Updating all contact information and notices so data subjects and customer data controllers may contact us if necessary
 
Obtaining all resources necessary for ongoing compliance requirements and documentation necessitated by GDPR
 
Updating and maintaining data security standards and workflows to meet all requirements necessitated by GDPR
 
Evaluating all customer contracts where necessary to ensure we’ve laid out a path for legal compliance for them to the best of our ability and to clearly detail our own responsibilities to avoid any possible confusion that could result in a penalty.