Skip to content

GDPR Compliant by Default

Our global database complies with the latest in international privacy laws, helping you connect with prospects with confidence.

Cognism makes your safety our business: 

  • We notify our database, which is required under GDPR law. However, some other providers don't get this right.
  • We ensure every email you get through the platform is a business email. We do not hold any personal emails in our database.
  • We scrub mobile numbers against global Do-Not-Call (DNC) registries. You won't have to worry about putting your business at risk.

Join enterprise revenue teams that use Cognism for compliant data at scale 👇 

promon logo
Logos 130x26px_Kelly Services
Logos 130x26px_Comply Advantage-1

Compliance FAQs

We've onboarded tech giants, search engines and other Enterprise grade organisations and of course they had questions around compliance as we’re sure you and your team do. 

We've gathered our most common FAQ's right here:

Cognism & GDPR

 Yes. In case of a security incident or breach, we will notify our clients immediately, and in no event later than 72 hours as from when the incident occurred.

Yes, we screen our telephone database against multiple Do Not Call (DNC) registries around the world, including the DNC lists in the UK (TPS and CTPS), US, Australia, Germany, France, Ireland, Canada, Spain, Portugal, Croatia, Sweden and Belgium. This ensures that any phone number obtained from Cognism’s system is safe for outreach.

We are also working to register in other DNC registries around the world. 

Yes. All our employees need to take information security and compliance trainings when onboarding the company, which are renewed on an annual basis.

  • We are ISO 27001 & ISO 27701 certified
  • We are certified SOC2 type II compliant
  • Cognism is a member of the Data and Marketing Association

We generally keep the data collected inside the European Economic Area (EEA). If the data is to be transferred outside of the EEA, we transfer the minimum amount of data necessary,  anonymise it where possible and we have agreements in place with those parties which include standard data protection clauses to ensure that appropriate safeguards are in place to protect the personal data in accordance with our Privacy Policy and the European levels of data protection.

We collect, process, and share our data under the lawful basis of legitimate interest, as allowed under Section 6.1(f) GDPR. We have conducted all relevant assessments and have adequate measures in place to ensure we can rely on such lawful basis compliantly.


Cognism uses its own database to provide the services. Therefore, data flow is normally from Cognism to our customers.

It is only when our customers use specific functionalities like Refresh or Enhance that Cognism would receive limited data from the customers to match it with its database, and provide updated data to its customers.

However, data received from our customers under this functionality is limited to data we need to match with our records, and it is only used by Cognism to provide the services to such client. When customers are using those functionalities, the DPA included in our Terms of Service applies.

Each party acts as an independent controller of the data under the services, and processes the data for its own purposes. Thus, Cognism processes the data to provide its services, while our customers process the data for their own marketing/lead generation activities.

This is why each party is responsible for its own compliance with applicable data privacy and (in the case of our customers) marketing regulations.

As mentioned above, it is only when customers use specific functionalities that Cognism acts as a processor on its customers’ behalf. Each of the parties’ roles and responsibilities under our services is clearly defined in our Terms of Service.

Notifications & Notified Data

When collecting and processing data under the lawful basis of legitimate interest, data subjects need to be informed about the fact that a company- like Cognism- has their data so they can exercise any of their rights (including, the right to opt-out).

Cognism is one of the few data vendors that has notified all its database and notifies any new individual that is added to our database within 30 days, as mandated by GDPR.

When a company fails to comply with data privacy regulations, like GDPR, a warning may be issued and the company could face fines by the Supervisory Authority.

Recent fines issued by the ICO (the UK regulator) can be found here. That’s why it’s important for businesses to get their data from reliable and reputable sources

Yes. As controllers of the data to be provided by Cognism, clients need to ensure that they are in compliance with all applicable regulations when using our data.

This would include, for instance, having a legal basis to process the data, having a privacy policy, an opt-out procedure, and notifying data subjects that they hold their data and what they do with it.

Cognism & CCPA

The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents.

Cognism's B2B database follows data privacy best practices to ensure full compliance with the CCPA.

We ensure compliance with CCPA through multiple means that broadly include (and are not limited to):

  • Having in place an externally facing privacy notice that complies with the CCPA requirements. Cognism's privacy policy has a dedicated section directed at California residents.
  • Being registered as a data broker with the California Attorney General as required by the CCPA. On the Data Broker Registry website, consumers can find contact information and a website link for Cognism, as well as additional information to help them exercise their CCPA rights;
  • Having two dedicated methods for consumers to submit CCPA rights requests, including a US toll-free number;
  • Having procedures in place for responding to consumer rights requests, including verifying the identity of the requesters;
  • Allowing consumers to opt-out of the sale of their data via an opt-out form on its website. Cognism respects and implements all such opt-outs

We're a leader in the UK & Europe, thanks to our reviews on G2

You probably want to know how we do it...

Data Sources

Where does it all come from?

We combine first party with third party sources to give you the best the market can offer.

  • Proprietary Data Capture Mechanisms

    This is our first data layer: community-sourced data. It comes from members of our community who allow us to match contact information stored in signature blocks to business professionals in our database.  

  • Publicly available information

    We monitor publicly available information across millions of corporate websites, job postings, news feeds, and company registries to confirm business information and add an additional layer of accuracy.

  • Proprietary machine learning models

    We monitor the digital infrastructure of companies using proprietary ML models. Then, we cross-reference this data with job postings to give insight into which technologies are used in which companies.

  • Strategic partnerships

    We have formed strategic partnerships with premium-grade providers. This allows us to provide users with highly accurate supporting data like intent data (powered by Bombora) and sales event triggers (powered by CB Insights).

Data Validation & Maintenance

How do we keep it fresh and accurate?

Cognism's data validation and maintenance formula:

Manual Research + Daily Database Updates = Coverage + Completeness + Correctness

  • Mobile number validation

Our ultimate goal is simple: we want you to have more conversations.

That's why we have a team of researchers dedicated to manually validating mobile phone numbers – a process through which we create our Diamond Data® asset.

This includes the contacts that are highly valuable to our user base and contacts specifically requested by our customers leveraging the Diamonds-on-Demand® service.

Our formula continued

  • Company manual research

We operate and drive continuous database improvement with a quality-first mindset.

To ensure the data we source meets our stringent quality standards, the research team continuously audit our customers’ most desired company and contact profiles, including the information collected via our programmatic primary data capture methods.

  • Daily database updates

We perform millions of daily database updates.

Apart from keeping our data fresh, these updates enable us to track important contact-level events such as key roles joining or leaving a company. This allows customers to rekindle relationships with former users or connect with new decision-makers who are just starting out and building their strategy, before competitors catch up.

Certifications, Regulations and Standards

Cognism is certified for ISO 27001 and ISO 27701, we’re also attested for SOC2 Type II in both security and availability. 

Cognism proves its ongoing commitment to data privacy and compliance with the ISO 27701 certification.


What customers are saying about us

Compliant data coverage and quality at scale

Hear more from our enterprise reps to see how our data is used across Enterprise organisations. 

andrei g
Andrei G.

“The GDPR-compliant and accurate data Cognism provides for us really helps shorten our sales cycles and allows us to get B2B data at the click of a button for whoever we would like to contact.”