#twbconf 2017: On Being Human - Jason Caplin & Audree Fletcher, Barnardo's
#twbconf 2017: Not enough love and digital understanding - J Cromack, MyLife Digital
-
Upload
together-were-better -
Category
Internet
-
view
234 -
download
4
Transcript of #twbconf 2017: Not enough love and digital understanding - J Cromack, MyLife Digital
1
Not enough love and digital understanding
J Cromack Co-founder, MyLife Digital
19th October 2017
@JCCromack www.consentric.io
3
The "right to be forgotten" has a small but consistently
positive impact on the willingness to share, increasing it by
10% to 18%.
The most important takeaway from this study’s research is
this: Consumers want to share their data – if the benefits
and the privacy controls are right.
Boston Consulting Group
The Value of Our Digital Transparency
5
GDPR FOCUS ON CITIZEN [Data
Subject] RIGHTS• The right to be informed• The right of access• The right to rectification• The right to erasure• The right to restrict processing• The right to data portability• The right to object• Rights related to automated
decision making and profiling
6
Citizen-Centric ApproachRecital 39: any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used
Article 6: Lawfulness of Processing
Article 7: Conditions for Consent
Article 15-22: Facilitating the rights of data subjects to be exercised
Article 30: Records of processing activities
7
Principles of Permissions Platform
1. What data has been collected?
2. Who is using/has access to the data?
3. When was the permission (if required)
granted (time stamp)?
4. Where was the data captured (source) and
where is it stored?
5. Why is the data being collected & its
purpose?
• (a) – Consent of the data subject
• (b) – Legitimate interest
• (c) – The performance of a contract
• (d) – Compliance with a legal obligation
• (e) – To protect the vital interests of a data subject or
another person
• (f) – Performance of a task carried out in the public
interest or in the exercise of official authority vested in
the controller
‘5W’ GDPR framework 6 lawful reasons for data processing Article 6(1)
9
"any freely given, specific, informed and
unambiguous indication of the data subject's wishes by which he
or she, by a statement or by a clear affirmative action, signifies
agreement to the processing of personal data relating to him or
her"
Article 6(1)(a) – Consent of the data subject
10
• 6(1)(f) Necessary for the purposes of legitimate interests pursued by the controller or a third
party, except where such interests are overridden by the interests, rights or freedoms of the
data subject. […taking into consideration the reasonable expectation of the data subject
based on their relationship with the controller.]
• The processing of personal data for direct marketing purposes may be regarded as carried
out for a legitimate interest. [Recital 47]
• This basis should not apply to the processing by
public authorities in the performance of their
tasks.
Legitimate Interests Article 6(1)(f) & Recital 47
12
• SMS
• Probably phone in the future, so get opt-in now
+
• Mail, if a legitimate interest case cannot be built
+
• The data subject needs to be given the right to object to processing their personal data (Legitimate Interest justification)
Consent is still required
17
• Puts the citizen in control of their data
• Maintains a record of all processing activity
• Manages multiple data sources and customer touch points against a single Consentric ID – a single version of the truth in real time
• Permissions will be constantly changing – customer churn
• Full transparency and audit maintained
• Provides the granularity of purposes to aid transparency
• Supports GDPR compliance for data processing and PECR audit trail
• Builds trust by empowering the Citizen
Why is it needed?
Growth through Trust
About MyLife DigitalThe MyLife Digital Group operates in the Personal Information Management Services (PIMS) sector, one of the fastest growing and most dynamic sectors in the UK (and global)
economy. Existing MyLife Digital Group companies, Wood for Trees and Insight already have an established, and growing, base of analytics services clients and considerable data
science and sector expertise.
www.mylifedigital.co.uk
T: 01225 636 285
MyLife Digital, Reg Office: Citizen House, Crescent Office Park, Clarks Way, Rush Hill, Bath, BA2 2AF
@JCCromack www.consentric.io