GDPR Right to Erasure Faces Looming Blind Spot in Customer Data

With the E.U.'s General Data Protection Regulation (GDPR) set to go into effect in less than 2 weeks, new research shows U.S. companies are still unprepared.

The research garnered responses from U.S. companies with annual revenue greater than $10 million regarding their understanding of and preparedness for GDPR, uncovering two areas where companies are significantly exposed to legal risk by these new regulations. Penalties go into effect on May 25, 2018, and non-compliant organizations risk triggering fines up to 20 million euros or 4% of global revenue, whichever is higher.

According to Melissa, a provider of global contact data quality and identity verification solutions, which sponsored the research, the results demonstrate that most U.S. companies do not adequately understand the challenges of GDPR, particularly the "right to be forgotten," guaranteed by Article 17 of the new regulation. Companies also have a false sense of security that their current single customer view (SCV) platforms such as customer relationship management (CRM), customer information file (CIF) and master data management (MDM) customer hubs will be adequate for GDPR compliance.

In reality, the strict fuzzy record matching configurations of current SCV platforms were not designed to meet the looser fuzzy match requirements of GDPR.   The survey report includes guidance on strategies to address these GDPR risks, including empowering an individual to oversee GDPR compliance, conducting a GDPR Right to Erasure Risk Audit, and auditing various SCV platforms for their ability to locate all versions of any E.U. resident's record quickly and thoroughly. ;

"Embracing the smart data tools and support that are right for your enterprise is not a static commitment. GDPR turns some common data quality concepts on their head, and the scope of the danger may catch more than a few enterprises by surprise," said Ray Melissa, president and CEO, Melissa. "Melissa continually works to expand the role of enterprise data quality worldwide, and our GDPR research demonstrates the critical nature of this effort."

For more information, go to