13/04/2017 | Written by: Rob Langhorst
A recent survey (directed towards Communication Service Providers) by the IBM Institute for Business Value clearly shows that only 4% of the respondents don’t need control over their personal data while the vast majority desire some level of control. As a GDPR consultant, I see every insight on data privacy as another opportunity to guide how we can respond.
The sheer volume of personal data that organizations gather is substantial, and growing rapidly. We often unintentionally leave our digital footprints everywhere. The data from smart devices and the Internet of Things make up a particularly large part of that growth. When a company gathers data based on personal information, that data should not be used without valid reasons. Once GDPR takes effect, informed and explicit consent will be mandatory for many uses of personal data. And this consent will have to clearly indicate the data and the purpose(s) for which it will be used. The approach can no longer be to collect as much personal data as possible and use it however a company wishes.
The way consent is requested is also relevant. Requests are currently usually very ambiguous, but GDPR clearly mandates clarity. Currently, in many cases, you are expected to agree with a highly complex legal statement with just one click. The question we now face is how your company can ensure compliance with the new privacy rules and simultaneously give end users more insight into and control of their personal data. Pursuing that subject, I came into contact with Sima Nadler, who is leading the research on privacy and consent management at IBM Research Lab in Haifa.
In the lab, she worked in close collaboration with fellow professionals on developing an automated solution that can help make the process run smoothly, from managing personal information all the way to consent management. All the available data on a specific individual are compiled in that consent system. In addition, it documents all the purposes for which consent has been given to use the data. This approach allows the data subject to give detailed consent for data use.
If, for instance, a web shop asks for your address to send you a package, it is allowed to use that information for only that specific purpose. Only after consent can that information also be used to send you an advertisement, for instance. This distinction requires a service through which a person can give more intricate consent. The tool developed in Haifa supports consent management in an integrated process.
GDPR requires more than just consent to use data; you also need to be able to see what data a company is actually using about you and for what purposes it is used. An additional benefit of the consent management tool is that it can be used for both newly developed solutions and existing systems. The solution also offers flexibility to handle current forms of data use as well as future options.
Please refer to this page for more details on data privacy in general and consent management in particular.
IBM nominated as ICT service supplier – Computable Awards 2017
Privacy issues are changing and the new legislation is leading. In May 2018, the new GDPR legislation will become effective, with new requirements for processing personal data. IBM is one of the largest data processors and has acquired the necessary knowledge with previous privacy laws. This has resulted in a GDPR-specific architecture framework that IBM offers as a service. The main purpose of the GDPR assessment is to produce a roadmap that prepares an organization for this GDPR legislation and to test risk factors in the client's organization.
The complete jury report (in Dutch)
Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.