GDPR Compliant by Default
Our global database complies with the latest in international privacy laws, helping you connect with prospects with confidence.
Cognism makes your safety our business:
- We notify our database, which is required under GDPR law. However, some other providers don't get this right.
- We ensure every email you get through the platform is a business email. We do not hold any personal emails in our database.
- We scrub mobile numbers against global Do-Not-Call (DNC) registries. You won't have to worry about putting your business at risk.
We’ll leave it to our Head of Legal, Aksa, to explain how we go above and beyond to help our customers mitigate their risk 👉
Cognism's Compliance Hub👇
We've onboarded tech giants, search engines and other enterprise-grade organisations, and of course they had questions around compliance, as we’re sure you and your team do.
We've gathered our most common FAQs right here:
Cognism & GDPR
Yes. In case of a security incident or breach, we will notify our clients immediately, and in no event later than 72 hours from when the incident occurred.
Yes, we screen our telephone database against multiple Do Not Call (DNC) registries around the world, including the DNC lists in the UK (TPS and CTPS), US, Australia, Germany, France, Ireland, Canada, Spain, Portugal, Croatia, Sweden and Belgium. This ensures that any phone number obtained from Cognism’s system is safe for outreach.
We are also working to register in other DNC registries around the world.
Yes. All our employees must complete information security and compliance training when they join the company, and this training is renewed on an annual basis.
- We are ISO 27001 & ISO 27701 certified
- We are certified SOC2 type II compliant
- Cognism is a member of the Data and Marketing Association
We collect, process, and share our data under the lawful basis of legitimate interest, as allowed under Section 6.1(f) GDPR. We have conducted all relevant assessments and have adequate measures in place to ensure we can rely on such lawful basis compliantly.
Cognism uses its own database to provide the services. Therefore, data flow is normally from Cognism to our customers.
It is only when our customers use specific functionalities like Refresh or Enhance that Cognism would receive limited data from the customers to match it with its database, and provide updated data to its customers.
However, data received from our customers under this functionality is limited to data we need to match with our records, and it is only used by Cognism to provide the services to such client. When customers are using those functionalities, the DPA included in our Terms of Service applies.
Each party acts as an independent controller of the data under the services, and processes the data for its own purposes. Thus, Cognism processes the data to provide its services, while our customers process the data for their own marketing/lead generation activities.
This is why each party is responsible for its own compliance with applicable data privacy and (in the case of our customers) marketing regulations.
As mentioned above, it is only when customers use specific functionalities that Cognism acts as a processor on its customers’ behalf. Each of the parties’ roles and responsibilities under our services is clearly defined in our Terms of Service.
Notifications & Notified Data
When collecting and processing data under the lawful basis of legitimate interest, data subjects need to be informed that a company, like Cognism, has their data so they can exercise any of their rights (including the right to opt out).
Cognism is one of the few data vendors that has notified its entire database and notifies any new individual who is added to our database within 30 days, as mandated by GDPR.
When a company fails to comply with data privacy regulations, like GDPR, a warning may be issued and the company could face fines by the Supervisory Authority.
Recent fines issued by the ICO (the UK regulator) can be found here. That’s why it’s important for businesses to get their data from reliable and reputable sources.
Yes. As controllers of the data to be provided by Cognism, clients need to ensure that they are in compliance with all applicable regulations when using our data.
Cognism & CCPA
The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents.
Cognism's B2B database follows data privacy best practices to ensure full compliance with the CCPA.
We ensure compliance with CCPA through multiple means that broadly include (and are not limited to):
- Being registered as a data broker with the California Attorney General as required by the CCPA. On the Data Broker Registry website, consumers can find contact information and a website link for Cognism, as well as additional information to help them exercise their CCPA rights;
- Having two dedicated methods for consumers to submit CCPA rights requests, including a US toll-free number;
- Having procedures in place for responding to consumer rights requests, including verifying the identity of the requesters;
- Allowing consumers to opt out of the sale of their data via an opt-out form on its website. Cognism respects and implements all such opt-outs.
We're a leader in the UK & Europe, thanks to our reviews on G2
You probably want to know how we do it...
Certifications, Regulations and Standards
Cognism is certified for ISO 27001 and ISO 27701. We’re also attested for SOC2 Type II in both security and availability.
Cognism proves its ongoing commitment to data privacy and compliance with the ISO 27701 certification.
What makes our data special? Our customers will tell you why 👇
Winning 67% of Deals Using Cognism’s Compliant Data
See how Evalian uses compliant data to win 67% more deals.
How Newable Built Up a GDPR-compliant Database & Discovered New Leads
See how Newable stayed GDPR compliant while building a new database & CRM.
Sourcing GDPR-compliant Mobiles With Cognism
See how epik8 sourced GDPR-compliant mobile numbers with Cognism.
Compliance Resources & Guides
Why You Need GDPR Compliant Data for Sales
Our blog will show you how your team can stay on the right side of the law, with B2B sales data that’s compliant in all aspects.
Why Your B2B Marketing Team Needs GDPR Compliant Data
From campaign marketing to product marketing, we delve into why you need GDPR compliant data and how best to go about it.
Cognism Certified SOC 2 Type II Compliant
Read on to learn more about Cognism's SOC 2 Type II Compliance.
Legitimate Interest and the GDPR: a B2B Marketer's Guide
What is legitimate interest? How do you apply it? And how can you ensure that your marketing is as GDPR-compliant as possible? Don't worry - we'll answer all your questions!
Compliant data coverage and quality at scale
Hear more from our enterprise reps to see how our data is used across Enterprise organisations.