You are now a personal data guardian

 

Personal data guardian. A new role.

Data controllers and processors are starting to realise some of the implications of GDPR (the new General Data Protection Regulation – live from 25th May 2018), one of which is that your role has been enhanced to become that of a personal data guardian.

What, precisely, is this personal data guardian role? The premise is that, due to GDPR, citizens/customers/users now have new rights: specifically, the right to know what personal data of theirs you process and the right to be forgotten. This means that ownership of personal data is the individual's; you are simply a custodian and guardian of this data whilst it is in your domain. There is also the need to get consent to process personal data in certain circumstances.

Organisation wide impact

This change in responsibility for personal data has an impact across an organisation, as previously held norms no longer apply and previous assumptions are no longer valid. The impact of GDPR will be widespread. It should, though, lead to improved security and confidence in organisations that process our personal data.

Protection

Protection is the key word in GDPR. Protecting data is fundamental, which is now motivating organisations to know what personal data is being processed and for what purpose. Organisations also need to know where that data is being processed, who has access to it and for what purpose(s) they are using it. Once an organisation has completed this assessment (called the Privacy Impact Assessment – aka the PIA), it is in a great position to become GDPR compliant.

Not Just a tech thing

Compliance, however, is not all about technology. It should be more about training, culture change, process change and a more transparent relationship with your customers. GDPR is a massive business opportunity, because it is:

  • A chance to engage.
  • A chance to build trust in your brand.
  • A chance to have permission to know even more about your customer.
  • A better chance of making your customer happy.
  • At the same time as improving your operational effectiveness.

Post PIA Actions

Where, though, do you start? After the PIA, organisations will be focusing on establishing a legitimate interest to process personal data and on having a clear privacy policy, plus ensuring the house is in order in terms of process and security, and that staff know about GDPR and their responsibilities.

Direct Marketing needs a fix

One outlier will need a new fix: the need to have consent for direct marketing purposes. The previous regime of web tracking, buying email lists and mass targeting is over. Now organisations need to get consent from their contacts/customers/users to engage in direct marketing. What you need is…

Consent Management Platform

…a consent management thing. You need a service that enables an organisation to easily deploy a web plugin that runs in the user's preference centre or as part of the sign-up process to your brand. Consentua is this service. It describes to the user very clearly what data is being used for what purpose. They can then choose to give consent or not. Simple to deploy, even easier to use.

Tell me more about Consentua

Consentua is made up of the following:

  • An easy-to-use framework, accessible via a dashboard, for creating your own consent templates and accessing your dedicated and secure client consent service(s).
  • A connection to a secure, highly available data repository which stores your users' consent receipts.
  • Users interact with the API via a series of SDKs available for iOS/Android/Web.

Simply put, it is a standards-based consent hub. It provides an organisation with a single consent repository, and the organisation chooses who can access the receipts stored there, be they internal or external actors. The consent receipt (based on the Kantara Initiative Standard) is the audit point for GDPR consent compliance.

Flexible Control

The API provides a really flexible consent service that puts you in control over the personal data being requested, whilst at the same time giving the end user real choice and control over how their personal data is used. Consent engagement builds trust and allows an organisation to grow its scope of purpose for the different types of personal data being used. This is a demonstration of being a good personal data guardian.

Consentua helps Personal Data Guardians

To wrap up, in this new post-GDPR world, organisations need to focus on protection, transparency and building trust. They are now temporary guardians of their users' personal data, which means they will need to work hard to earn this trust, as the user is now in control. Anything that can make that transition to the new role easier should be embraced with open arms.

To know more about Consentua, go to consentua.com or contact@consentua.com
