People want more control over their data

Share this post:

A recent survey (directed towards Communication Service Providers) by the IBM Institute for Business Value clearly shows that only 4% of the respondents don’t need control over their personal data while the vast majority desire some level of control. As a GDPR consultant, every insight on data privacy is another opportunity to guide how we can respond.



The sheer volume of personal data that organizations gather is substantial, and growing rapidly. We often unintentionally leave our digital footprints everywhere. The data from smart devices and the Internet of Things make up a particularly large part of that growth. When a company gathers data based on personal information, it should not be used without valid reasons. Once GDPR takes effect, informed and explicit consent will be mandatory for many uses of personal data. And this consent will have to clearly indicate the data and the purpose(s) for which it will be used.  The approach can no longer be to collect as much personal data as possible, and use however a company wishes.

The way consent is requested is also relevant. Requests are currently usually very ambiguous – but clarity is clearly mandated by GDPR. Currently, in many cases, you are expected to agree with a highly complex legal statement with just one click. The question we now face is how your company can ensure compliance with the new privacy rules and simultaneously giving end users more insight into and control of their personal data. Pursuing that subject, I came into contact with Sima Nadler, who is leading the research on privacy and consent management at IBM Research Lab in Haifa.

In the lab, she worked in close collaboration with fellow professionals on developing an automated solution that can help make the process run smoothly, from managing personal information all the way to consent management. All the available data on a specific individual are compiled in that consent system. In addition, it documents all the ways (purposes) for which consent has been given to use the data. This approach allows the data subject to give detailed consent for data use.

If, for instance, a web shop asks for your address to send you a package, it is allowed to use that information for only that specific purpose. Only after consent can that information also be used to send you an advertisement, for instance. This distinction will need a service that can be used for a person to give more intricate consent. The tool developed in Haifa supports consent management in an integrated process.



GDPR requires more than just consent to use data; you also need to be able to see what data a company actually using of you and for what purposes it is used. An additional benefit of the consent management tool is that it can be used for both newly developed solutions as well as systems and existing ones. The solution also offers flexibility to handle current forms of data use as well as future options.

Please refer to this page for more details on data privacy in general and consent management in particular.

Rob Langhorst

IBM nominated as ICT service supplier – Computable Awards 2017

Privacy issues are changing and the new legislation is leading. In May 2018, the new GDPR legislation will become effective, with new requirements for processing and processing personal data. IBM is one of the largest data processors and has acquired the necessary knowledge with previous privacy laws. It has resulted in a GDPR-specific architecture framework that IBM offers as a service. The main purpose of the GDPR assessment is a roadmap that prepares an organization for this GDPR legislation and to test risk factors in the organization of the client.

The complete jury report (in Dutch)

Vote for ICT service supplier of the year – IBM – Computable Awards 2017!


Notice:  Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsibility for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.  The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.


European GDPR Offering Leader, IBM The Netherlands

More stories

Rethinking the future with Victoria Bunyard, CTO IBM Benelux

In July 2020, IBM Benelux welcomed Victoria Bunyard as their new CTO. British by birth, Ms Bunyard moved to the Netherlands in 2004 and has found her second home close to the beach in Noordwijk. Her biggest passions? Rowing on the Amstel, skiing, and, of course, driving innovation. When you ask Victoria Bunyard about her […]

Continue reading

IBM joins the High-Tech Software Cluster to help accelerate digital transformation within the Dutch high tech & smart systems industry

The digital journeys of the past decade are now becoming cognitive journeys driven by the maturity of IoT, AI, blockchain, automation, 5G, edge computing and other exponential technologies. As these capabilities are applied at scale, they increasingly result in change to the core of organizations — and their mission-critical capabilities — to reshape their competitive […]

Continue reading

Werk nog beter op meer dan 1,5 meter

4 tips voor overheden om structureel digitaal samen te werken We zijn 7 maanden na de uitbraak van de coronacrisis. Jij en je collega’s werken afwisselend thuis en op kantoor. Een aantal grote projecten heeft misschien vertraging of wordt uitgesteld tot normalere tijden. En wellicht duikt er hier en daar een vorm van onlinemeetingmoeheid op. […]

Continue reading