1

Not enough love and digital understanding

J Cromack Co-founder, MyLife Digital

19th October 2017

@JCCromack www.consentric.io

2

3

The "right to be forgotten" has a small but consistently

positive impact on the willingness to share, increasing it by

10% to 18%.

The most important takeaway from this study’s research is

this: Consumers want to share their data – if the benefits

and the privacy controls are right.

Boston Consulting Group

The Value of Our Digital Transparency

4

The Data Dollar Store

5

GDPR FOCUS ON CITIZEN [Data

Subject] RIGHTS• The right to be informed• The right of access• The right to rectification• The right to erasure• The right to restrict processing• The right to data portability• The right to object• Rights related to automated

decision making and profiling

6

Citizen-Centric ApproachRecital 39: any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used

Article 6: Lawfulness of Processing

Article 7: Conditions for Consent

Article 15-22: Facilitating the rights of data subjects to be exercised

Article 30: Records of processing activities

7

Principles of Permissions Platform

1. What data has been collected?

2. Who is using/has access to the data?

3. When was the permission (if required)

granted (time stamp)?

4. Where was the data captured (source) and

where is it stored?

5. Why is the data being collected & its

purpose?

• (a) – Consent of the data subject

• (b) – Legitimate interest

• (c) – The performance of a contract

• (d) – Compliance with a legal obligation

• (e) – To protect the vital interests of a data subject or

another person

• (f) – Performance of a task carried out in the public

interest or in the exercise of official authority vested in

the controller

‘5W’ GDPR framework 6 lawful reasons for data processing Article 6(1)

LEGITIMATE INTEREST OR

CONSENT

Understand what this decision really means…

9

"any freely given, specific, informed and

unambiguous indication of the data subject's wishes by which he

or she, by a statement or by a clear affirmative action, signifies

agreement to the processing of personal data relating to him or

her"

Article 6(1)(a) – Consent of the data subject

10

• 6(1)(f) Necessary for the purposes of legitimate interests pursued by the controller or a third

party, except where such interests are overridden by the interests, rights or freedoms of the

data subject. […taking into consideration the reasonable expectation of the data subject

based on their relationship with the controller.]

• The processing of personal data for direct marketing purposes may be regarded as carried

out for a legitimate interest. [Recital 47]

• This basis should not apply to the processing by

public authorities in the performance of their

tasks.

Legitimate Interests Article 6(1)(f) & Recital 47

12

• Email

• SMS

• Probably phone in the future, so get opt-in now

+

• Mail, if a legitimate interest case cannot be built

+

• The data subject needs to be given the right to object to processing their personal data (Legitimate Interest justification)

Consent is still required

15

Consentric Organisation Portal

16

Consentric Permission Management Centre

17

• Puts the citizen in control of their data

• Maintains a record of all processing activity

• Manages multiple data sources and customer touch points against a single Consentric ID – a single version of the truth in real time

• Permissions will be constantly changing – customer churn

• Full transparency and audit maintained

• Provides the granularity of purposes to aid transparency

• Supports GDPR compliance for data processing and PECR audit trail

• Builds trust by empowering the Citizen

Why is it needed?

Growth through Trust

About MyLife DigitalThe MyLife Digital Group operates in the Personal Information Management Services (PIMS) sector, one of the fastest growing and most dynamic sectors in the UK (and global)

economy. Existing MyLife Digital Group companies, Wood for Trees and Insight already have an established, and growing, base of analytics services clients and considerable data

science and sector expertise.

www.mylifedigital.co.uk

T: 01225 636 285

MyLife Digital, Reg Office: Citizen House, Crescent Office Park, Clarks Way, Rush Hill, Bath, BA2 2AF

@JCCromack www.consentric.io

jcromack@mylifedigital.co.uk