Data sharing and collaboration platform, Datastreams

The prisoner’s dilemma of data sharing (and how to solve it)

An intro to the prisoner’s dilemma

Bad news: you and your partner are picked up for a crime and put in separate cells. Each of you is given the option to either stay silent (cooperate) or rat out their partner (defect / not-cooperate). If you choose to cooperate and your partner does as well, you both get one year in jail, but if your partner doesn’t cooperate and rats you out, you get three. On the other hand, if you choose to rat out your partner yourself and they stay silent, you get to walk free. However, if both of you choose to talk (not-cooperate), you both get two years. You are not particularly close with your partner and want to minimize your own time in jail. What do you do? If you need to think it over, a representation of the options and results is given below.

Model data sharing cooperate /defect, Datastreams

Upon pondering the situation, you and your partner find yourself in, you likely discover that defecting is the most attractive option every time. Regardless of what your partner chooses, you will always be better off if you choose to defect (not cooperate). Because your partner thinks the same way, he will not collaborate either. As a result, you will end up in a suboptimal situation where there is no cooperation, while both of you would have been better off if you had both chosen to cooperate.

The prisoner’s dilemma has been applied to many decision and cooperation problems over the years, but not yet to the concept of data-sharing in a B2B context. A shame, since insights in the prisoner’s dilemma can teach us a lot about why we do not share our data, and how we can start remedying that. In this think piece, we examine a modified version of the prisoner’s dilemma called the ‘data sharing dilemma’.

The data sharing dilemma

While you and I may not find ourselves in a criminal situation any time soon, we find ourselves in a prisoner’s dilemma of our own when deciding if we want to share data with other companies. This dilemma is visualized as the ‘data sharing dilemma’ in table 1.

The basic premise of the setup is that the direct cost and risks of sharing data or insights with another company amount to -1, while having a partner that cooperates with you in this way imparts much larger gains, represented by our number ‘6’. This cooperation can be the company sharing their data with you, or sharing insights based on the data you’ve shared with them.

Model data sharing cooperate / don't cooperate, Datastreams

Clearly, if both companies cooperate, both pay the price for sharing data or insights (-1), but gain the gains as well (5), amounting to a scoreboard of +5/+5 for each company. However, if one company cooperates (for instance: provides data), but the other does not reciprocate by sharing their own data or insights, the cooperating company is left with just the costs and not the gains (-1/6), while the other company has just the gains of data shared with them and none of the costs. To stay safe, we might choose not to cooperate at all, much like the prisoners in our story (0/0). From a rational perspective, this does seem to be the most logical choice.

In the end, our choices come down to answering a few questions: Do we trust other companies to collaborate with us, or will they only use our data to further their own business? Are we prepared to pay the costs of sharing our data for future gains beyond our control? Are we prepared to take the risk of cooperating, or do we stay in our safe yet suboptimal situation of not doing so? The fact that the potential of data sharing and collaboration has been widely acknowledged, but that the process itself is still fairly rare, seems to answer our question. While this seems a pessimistic view on the future of data sharing, the prisoner’s dilemma can be beaten by tweaking the situation the decision makers find themselves in.

Solving the prisoner’s dilemma

If we want to encourage data sharing, we need to understand how to break through the stalemate created by the prisoner’s dilemma. There are a few ways to do so, which can be applied to encourage data sharing collaboration in a B2B context.

1. Reduce risks and costs of data sharing

Sharing data often comes with a variety of costs and risks. In our modified example, this is represented by the -1 in our matrix. In the instance that both parties choose to collaborate, these costs and risks are compensated many times over by the results. However, if this doesn’t happen, data sharing only incurs costs and possible fines for the collaborating party, while the other party profits from a large reward without having to pay this cost. Why would anyone want to pay these costs without a guaranteed payoff?

Model data sharing cooperate / don't cooperate, Datastreams

This part of our dilemma holding back data sharing, can be solved by mitigating the cost and risk of data sharing. If we can make cooperating virtually ‘free’ (that is, without substantial cost and risk), this will lead to a different scenario. Since there is no significant cost to sharing, the ideal gains in our ‘cooperate’ situation are the same as the gains in the ‘don’t cooperate’ situation, since no costs needed to be subtracted. It is also less risky to share data, as is shown by the lack of minuses in the table.

By reducing the costs and risks of sharing data or insights, we can lower, or even remove, that early hurdle that prevents cooperation. Easy, safe ways of sharing, then, are part of the solution towards ensuring more data sharing and data collaboration. Solutions and platforms for sharing data in this way are one the rise, and we are happy to do our part with our Data Stream Manager. The DSM allows companies to share data easily and safely, among other features allowing the sharer to determine what data can and cannot be used for.

2. Establish contracts and/or outside regulation

One of the problems of the classic prisoner’s dilemma is that there are no real repercussions to not cooperating. If these are added (for instance by imagining a scenario of sequential prisoner’s dilemma’s where contestants indicate using a tit-for-that strategy, in which they will betray the next round if they are betrayed), cooperation is much more frequent.

Model data sharing cooperate / don't cooperate, Datastreams

In table 2, we see a similar issue in the data sharing dilemma: there are no repercussions for not cooperating, even when a partner does choose to do so. A company that cooperates by sharing information or still gets the same rewards as a company that only uses shared data for its own gains without sharing its own data or insights. We can overcome this by making non-cooperation costlier, reducing the gain for non-cooperation below the one for collaboration. This is the situation presented in table 3. Clearly, the rational choice in this table is to cooperate.

We can create the situation in table 3 by setting up a good contract or data sharing agreement between businesses. This allows companies to specify how and when data can be shared between businesses, and apply penalties to ‘non-cooperative behaviour. If companies beforehand specify that they will both share data with each other, which will be processed under a set of conditions, an enforceable data sharing agreement ensures that notdoing so comes at a cost. By coming to an agreement about data sharing with other companies before sharing data, cooperation becomes a more attractive option over non-cooperation. While this essentially solves the data sharing dilemma before it truly happens, companies need to be willing to sign such an agreement in the first place. For this to happen, the third point solution to the dilemma is invaluable.

3. Build trust between companies based on shared motivations, goals and values

The third solution to the prisoner’s dilemma is one which theoretically works even without the previous solutions: mutual trust. Two friends placed in the prisoner’s dilemma will be much less likely to betray each other (that is, not collaborate with each other). In the same way, establishing a foundation of shared values with your fellow company is a strong force in ensuring cooperation and collaboration. When approaching another company to set up a data sharing agreement, make sure that both parties understand where the value is in collaborating and how both parties can profit from it. Truly cooperative data sharing will be much more likely under these conditions, especially when supplemented by the solutions above.

Continue to think about collaboration

Choosing to share your company’s data is not always an easy choice; it often incurs costs and risks. Additionally, it might not always be the most rational choice, as we see in the first version of our data sharing dilemma. However, the potential of data cooperation and collaboration is great, as evidenced by a the ‘study on data sharing between companies in Europe’ commissioned by the European Commission. Therefore, thinking about data sharing and what is holding us back from practicing it more, is a worthy avenue to explore. This think piece demonstrates just one way of thinking about data collaboration and cooperation, using a well-known (thought) experiment on collaboration. We acknowledge that this text presents a somewhat oversimplified scenario of the complex issue of data sharing, but hope that this will trigger you, the reader, to think about this topic in a different way. We invite everyone to continue the discourse with us about the how’s and why (not)’s of data sharing, cooperation and collaboration!

GDPR Things for processors processing customer data

GDPR for Processors: Four things you should know (in six minutes)

The General Data Protection Regulation (GDPR) brings big changes for organisations processing customer data. To comply with the new legislation, it is crucial you understand where your responsibilities lie with the new legislation. In this blog, we present the four most important things a data processor should know about the GDPR.

1. The GDPR is a regulation that (also) applies to processors

One of the seemingly small, but very important differences between the GDPR and the Data Protection Directive, is that the GDPR is a regulation instead of a directive. The regulation status of the GDPR means it exerts a legally binding force on all member states. Concretely, this means the regulation applies the same way across all EU Member states.

The other difference between the Data Protection Directive and the GDPR, is that the GDPR places direct obligations on data processors for the first time. As data processor, you will be responsible for ensuring compliance, or risk being held liable by controller or data subjects and being fined by the authorities. Since controllers will be looking for compliant processors, demonstrating this compliance is also key to continue working with controllers at all!

2. The GDPR augments the rights of the subject

As data processor, you are generally less affected by the rights of the subject than data controllers. However, it is still important to understand the rights of the subject under the GDPR, as you will be expected to assist your controllers in respecting them in whatever way possible.

Under the GDPR, data subjects have the right to receive a copy of data being stored about them and can request data to be rectified. They can also object to the processing of their data and withdraw their consent at any time. Work with your controllers to streamline the procedures of removing and rectifying data or dealing with withdrawn consent to help them respect subject rights.

3. GDPR-compliance requires focus on some key areas

Many overviews of the GDPR are very extensive, including aspects of the regulation that might not be relevant for you as a data processor. There are, however, plenty of important changes you might need to implement as a data processor. We name five of the steps most data processors will have to take on the road to compliance. An extended list of actions can be found in our whitepaper.

  • In many cases you’ll have to designate a data protection officer (DPO) and communicate their contact details to the supervisory body. Even when not required by the GDPR, appointing a DPO is a good idea. This data protection officer is involved in all issues relating to the protection of personal data and holds an independent position in the company.
  • Ensure that no processing takes place on personal data except on the controller’s instructions. Make sure that this is common knowledge across your company, to prevent any natural person working for the company from doing so unknowingly. Additionally, ensure you do not engage with another processor without authorisation from the data controller.
  • When working with a controller, you should enter into written contract with the data controller to specify processing activities and duration. An example is entering into a “Data Processing Agreement” (DPA). Any sub-processors will be subject to the same contractual data protection obligations as between the first data processor and data controller.
  • As processor, you should provide sufficient guarantees to controllers that appropriate technical and organisational measures for GDPR compliance are implemented. Additionally, processors should ensure a level of security appropriate to the risk posed by data processing.
  • If you employ more than 250 people, you are required to maintain written records of processing activities. These records must contain specific information (specified in the GDPR) and be made available to supervisory authorities.

4. Non-compliance can have serious repercussions

We talked before about how non-compliance can have serious repercussions for data processors. Under the GDPR data subjects have the right to lodge complaints about data processing and, crucially, can hold the processor liable. Specifically, you can be held liable for the damage caused by processing where you have not complied with the GDPR obligations, or where you have acted contrary to the lawful instructions of your data controller. Finally, just like controllers, fines up to €20,000,000 or up to 4% of global turnover can be imposed on non-compliant organisations.

The GDPR is a complex legislation, and this blog by no means offers an exhaustive overview of its content. Cooperation between your legal department, IT department, upper management and outside professionals is key to getting to grips with the GDPR in time. At Datastreams.io we are happy to do our part, providing our Data Stream Manager and Consent manager. These solutions allow you to manage data streams and consent in your company in a comprehensive and structured way, so you can get one step closer to GDPR-compliance.

GDPR Things  for controllers collecting and processing customer data

GDPR for Controllers: Six things you should know (in six minutes)

The General Data Protection Regulation (GDPR) brings big changes for businesses collecting or processing customer data. To comply with the new legislation, it is crucial you understand where your responsibilities lie with the new legislation. In this blog, we present the six most important things a data controller should know about the GDPR.

1. The GDPR is a regulation that (also) applies to processors

One of the seemingly innocuous, but very important differences between the GDPR and the privacy directive, is that the GDPR is a regulation instead of a directive. The regulation status of the GDPR means it exerts a legally binding force on all member states. Concretely, this means the regulation applies the same way across all EU Member states.

The other difference between the privacy directive and the GDPR, is that the GDPR holds processors responsible for processing data in a compliant way. Data processors are required to demonstrate compliance to GDPR regulation to avoid fines. Additionally, data controllers are only allowed to work with processors who provide sufficient guarantees towards doing so. This means your processors will likely be more motivated towards ensuring compliant processing, but it also highlights the importance of carefully selecting your processors.

2. Compliance with GDPR-principles must be demonstrated

The GDPR contains several important principles that you need to understand and incorporate into your own business practices. Crucially, you will also need to actively demonstrate your compliance with these principles. The first set of principles concerns the data protection principles. These principles ensure processing is fair and transparent and that no unnecessary data is collected, processed or stored. Additionally, you’ll need to demonstrate lawful processing. This means that processing has to be based on one of the grounds for processing, such as consent or contracts. If you use consent as your processing base, you need to ensure it is through a freely given, specific, informed and unambiguous indication of the data subject’s wishes. Finally, you must make reasonable efforts to verify parental consent.

3. The GDPR augments the rights of the subject

One of the reasons why the GDPR is a good regulation for data subjects, is that it improves upon their rights. It’s important that data controllers understand what rights data subjects have and ensure these rights are respected.

Under the GDPR, data subjects have the right to receive a copy of data being stored about them and can request data to be rectified or erased. They can also object to the processing of their data and withdraw their consent at any time. These are just a few of the rights a subject has, but they are enough to show the amount of power data subjects have over their data after you’ve collected it. Make sure you communicate these rights to your customers and respect them at all times for compliant processing and a good customer relationship.

4. The GDPR is also about communication

The GDPR is not just about how you handle data, it’s also about how you deal with people. The regulation requires you to communicate with your data subjects in a concise and transparent manner regarding your data collection activities. Additionally, you need to provide customers with information such as about your company, processing purposes and contact details when collecting their data. Also, make sure you communicate requested information and any rectification or erasure of personal data to your customers. Finally, be prepared to inform your data subjects without undue delay of a personal data breach.

5. GDPR-compliance requires focus on some key areas

The GDPR is a broad legislation, touching upon many different areas of data processing. Exactly which changes you have to make depends on the structure of your company and a full list of possible actions would be quite long. We have, however, compiled five key areas that you should focus on. See our whitepaper for an extended list of possible actions.

  • In many cases you’ll have to Designate a Data Protection Officer and communicate their contact details to the supervisory body. Even when not required by the GDPR, appointing a DPO is a good idea. This data protection officer is involved in all issues relating to the protection of personal data and holds an independent position in the company.
  • Implement appropriate technical and organisational measures to ensure appropriate security and demonstrate processing is in line with the GDPR regulations. You should also become familiar with the principles of data protection by design and default, implementing data protection principles in every part of handling customer data. Crucially, as a controller you should make sure your processors do so as well.
  • If you employ more than 250 people, you are required to maintain written records of processing activities. These records must contain specific information (specified in the GDPR) and be made available to supervisory authorities.
  • When working with a processor, make sure to enter into a written contract to specify processing activities and duration. Ensure this contract specifies important GDPR obligations, such as that processors are may only act on our instructions.
  • carry out a Data Protection Impact Assessment (DPIA) prior to carrying out potentially high-risk processing, and seek the advice of its DPO while doing so. If you don’t take measures to mitigate the risk, supervisory authorities should be consulted.

6. Non-compliance can have serious repercussions

We don’t want to scare you, but non-compliance with the GDPR can turn out to pose a big threat to your business. Under the GDPR data subjects have the right to lodge complaints about your data processing. Additionally, controllers are liable for damages caused by non-compliant processing and data subjects might have the right to receive compensation. Finally, fines of up to €20,000,000 or up to 4% of global turnover can be given to non-compliant organisations.

The GDPR is a complex legislation, and this blog by no means offers an exhaustive overview of its content. Cooperation between your legal department, IT department, upper management and outside professionals is key to getting to grips with the GDPR in time. At Datastreams.io we are happy to do our part, providing our Data Stream Manager and Consent manager. These solutions allow you to manage data streams and consent in your company in a comprehensive and structured way, so you can get one step closer to GDPR-compliance.

GDPR, why coorperation is key, Datastreams Blog!

The GDPR: why Cooperation is key

In our series of ‘GDPR Guide’ blogs, we briefly advise the Chief Data Officer (CDO), Data Protection Officer (DPO), Chief Marketing Officer (CMO) and Chief Revenue Officer (CRO) on how to approach the GDPR. While these guides offer a foothold for dealing with the GDPR, we believe that the true key to succeeding as a data-driven business under GDPR pressure is both simple and surprisingly difficult: cooperation.

Cooperation with the Data protection officer

Cooperation with your Data Protection Officer (DPO) across the company is a first important step to fostering a culture of compliance in your company. Your DPO needs to be able to provide everyone across the business with the knowledge they need to make compliant decisions. To fulfil this advisory role successfully, the DPO needs to have access to all departments, and people across the company need to be open to advice from the DPO. Additionally, employees in all departments should be pro-active in complying with the GDPR, asking the DPO for advice where necessary. Through this open communication, the DPO helps the other departments to keep doing their job in a way that is GDPR compliant.

Departments across the company should also take responsibilities in allowing the DPO to do their job. Employees across the company should provide the DPO with the software and information required for monitoring the company’s activities. Ideally, The Chief Data Officer builds a data stream map and grants the DPO access to monitoring software, while the Chief Marketing Officer provides the DPO with information on consent gathering procedures, and the Chief Revenue Officer responds to the DPO’s requests regarding SEPA numbers and employee ID numbers. It is this cooperation that allows the DPO to be as effective and efficient as possible.

Cooperation between departments

Of course, cooperation with the Data Protection Officer is important, but the GDPR presents the perfect reason to start breaking down all those silos inside your company. As your company implements new regulations and software in the move towards compliance, allowing input from employees across departments can prove instrumental in making the best choices for the business as a whole.

Ideally, if the CDO plans to implement a new data management system (as suggested by the DPO), he also asks the other departments for their input. The marketing department might inform him that a way to manage consent is required, while the CRO might express his wish for a system that ensures data quality. Because the CDO knows what is important in the software besides compliance, he can implement the solution that best suits the needs of everyone in the company. As a bonus, because the marketing department is more aware of the steps taken to ensure customer privacy, they might be able to leverage the CDO’s effort to use it as a competitive advantage.

Cooperation with outside help

While clever utilisation of the knowledge already present in your company will go a long way towards making GDPR compliance a reality, you shouldn’t be afraid to call upon outside help for compliance. Whether it’s knowledge that is not present in your company or a new piece of software that needs to be implemented, outside help can fill the gap of knowledge or resources present in your company. At Datastreams.io, we are happy to help you on the road towards compliance with one of our GDPR-proof solutions. Contact us to find out more or request a demo!

Chief Data Officer, brief guide for the GDPR, Datastreams

The GDPR: a brief guide for the Chief Data Officer

May 25th, 2018; the date the GDPR goes into effect. There is certainly plenty of information on the internet about what the GDPR is and what it requires from businesses. However, the impact the GDPR will have on your daily life might not be as apparent. In a series of blogs, we discuss the impact the GDPR will have on you and the changes you will have to make to continue working effectively under the new regulation. Today: The Chief Data Officer.

Realise your responsibilities

As Chief Data Officer, it’s your job to democratise the data: put the right data in the hands of the right people. While you certainly might be more hands-on with your data at times, it is your job to implement the rules and policies for regulating where data does (and doesn’t!) go. Besides managing the data infrastructure of your company, compliancy and security fall under your responsibility. No surprise, then, that the GDPR will certainly increase pressure as you move towards a compliancy-based data economy. Realising the responsibilities that come with the GDPR, is an important first step towards adapting to this new regulation.

Learn to work with your Data Protection Officer

Specifically, the GDPR means your company will often need to appoint a Data Protection Officer. This DPO will independently assess and audit the way data is managed in your company, meaning that it is crucial that you learn to work with your DPO instead of seeing him or her as a hindrance. Your DPO is independent and does not determine (or is concerned with) the purpose of the processing in your company. It will be your job to immediately address any concerns your DPO might raise, while still ensuring valuable data can be utilised optimally.

The GDPR also means you’ll have to ensure that you manage data in a responsible and well-documented way. Expect your DPO to ask you for an overview of what data is collected and who has access to specific parts of the data. To answer to these and other queries of your DPO, a wise step would be to start building your data stream map; an overview of the data that is collected, streamed and processed in your company.

See the opportunities in change

As a CDO it’s also important to realise that the GDPR is not just a challenge, it’s also an opportunity to finally implement all these changes you’ve been petitioning for years. The GDPR is the perfect opportunity to set up a new data infrastructure that is not only GDPR-compliant, but also more effective on all other aspects. The job of the CDO after the GDPR comes into effect, then, will not just be to conform to the required changes set by the DPO, but to ride the wave of change towards improvement on all aspects of data governance.

Use the right tool for the job

The tools you are currently using in your company might not comply with GDPR regulations, or allow you to perform your new duties under the GDPR. New tools designed for compliance might help turn that GDPR-pressure around. Our Data Stream Manager allows you to manage where the data in your company goes in a secure, GDPR-compliant way. The DSM enables you to easily manage and map where your data is collected and where it ends up, providing you with both the control and documentation you need. Security levels for sources and destinations means you’ll never accidentally send data to the wrong place, while comprehensive omnichannel-integration gives you an excellent 360-degree view of your customers to boot. Are you ready for the GDPR?

Chief Marketing Officer, brief guide for the GDPR, Datastreams

The GDPR: a brief guide for the Chief Marketing Officer

May 25th, 2018; the date the GDPR goes into effect. There is certainly plenty of information on the internet about what the GDPR is and what it requires from businesses. However, the impact the GDPR will have on your daily life might not be as apparent. In a series of blogs, we discuss the impact the GDPR will have on you and the changes you will have to make to continue working effectively under the new regulation. Today, the professional in a field that is highly impacted by the shift towards big data: The Chief Marketing officer.

Be unafraid & work together

As Chief Marketing Officer, you are probably familiar with how important data has become in the world of online marketing. Indeed, gathering data on customers is growing more and more important for developing 360-degree customer insight, adaptive real-time targeting, personalised content and improved customer experiences.

With the GDPR placing limitations on the collection and processing of personal data, you’d be forgiven for being hesitant in relying too much on data in your marketing. However, under the GDPR there is still plenty of room for data-driven marketing. While the GDPR certainly provides some challenges for marketers, it’s important to realise how valuable customer data continues to be. Work together with your Data Protection Officer to find ways to collect and process data in a GDPR-compliant way. The possibilities are greater than you might think!

Be transparent & honest

An important part of the GDPR is increased transparency. Customers need to be fully informed of where and why their data is collected, as well as being informed of their rights. This means you’ll likely need to rewrite your privacy statement and cookie-pop up to inform customers of your activities and their rights. This includes, but is not limited to, the right to be forgotten and the right to withdraw consent.

While being transparent is a central part of complying with the GDPR and avoiding fines, communicating honestly with customers is also crucial to forming a good relationship with customers. Customers are getting increasingly worried about their information and what happens with it. Unsurprisingly, they increasingly shy away from companies they feel they can’t trust. Your cookie pop-up and privacy policy could very well be one of the first things a customer encounters on your website, making them a great tool to communicate your dedication to keeping their data safe to your customers. Being honest and transparent, then, is not only a way to comply with the GDPR, but also a great move marketing-wise.

Be relevant & fun

The GDPR hands a lot of control over their data back to the customer. Under the GDPR, customers have more control over when and how they can be approached by companies. For instance, building an email list can no longer be done via opt-out measures or adding addresses collected for other purposes to your newsletter list. Instead, you have to collect fully informed, unambiguous consent before you can start sending newsletters.

The increasing control customers have over which company they interact with, means it’s important to be relevant and fun for customers. Produce valuable content and give your customers a reason to want to read your website or subscribe to your newsletter. Additionally, inform your customers that the data you collect will be used to provide them with personalised offers. Since customers like being approached in a personalised way, this will only cause your marketing efforts to be more focused and effective, but will also make customers more likely to give their consent. Summarising: don’t try to break down the door unannounced: work on being invited in.

Use the right tool for the job

The GDPR will certainly be a challenge for marketers, and an important part of tackling that challenge is using the right tools for the job. Consider implementing a data management platform to manage your tracking scripts and your customers’ content settings. Our Data Stream Manager is an easy and comprehensive way of managing the customer data you collect and process. Additionally, our consent management solution allows you to create modular consent pop-ups to collect informed consent for different processing purposes. Additionally, it allows you to manage the collected consent in a dynamic way.

Data Protection Officer, brief guide for the GDPR, Datastreams

The GDPR: a brief guide for the Data Protection Officer

May 25th, 2018; the date the GDPR goes into effect. There is certainly plenty of information on the internet about what the GDPR is and what it requires from businesses. However, the impact the GDPR will have on your daily life might not be as apparent. In a series of blogs, we discuss the impact the GDPR will have on you and the changes you will have to make to continue working effectively under the new regulation. Today, the newest addition to many companies: The Data Protection officer.

Establish your role

As Data Protection Officer, you occupy an interesting position in your company. Your presence in your company is likely mandated by the GDPR, but your exact role and duties might be unclear to your colleagues, or even to yourself. As DPO, it is important that your colleagues (and more importantly: managers) know what your role entails, especially if you were appointed as DPO on top of your regular occupation. They must understand that you must have the freedom to act independently, that you cannot be instructed on how to investigate your company’s processing, that you cannot be penalised for performing your duty and that you can’t be personally held accountable for (non)compliance.

On the other hand, it is important your colleagues realise you can be approached for questions regarding GDPR and compliance, as you are as much an advisor as you are an officer. Establishing who you are, what you do and which access you are entitled to, helps you work together with your colleagues and management in an effective and efficient way.

Know your company’s data infrastructure

There’s many reasons why one of the first priorities when starting your work as a DPO, is to gain a clear overview of the data infrastructure of your company. If you have no idea where and how data is transported in your company, it is difficult to locate problems in data processing or collection activities. Furthermore, keeping records of data processing activities (as required by article 30) requires a clear overview of the data infrastructure of your company. In most cases, you won’t actually have to start mapping the data yourself, but work with your Chief Data Officer to build a data stream map as fast as possible, so you have a strong foundation to build future activities on.

Don’t forget about people

With a lot of processing activities to audit and evaluate, it might be easy to focus on the processing and forget about the people. However, training and educating your colleagues is an important part of your job. It’s your job to inform your colleagues about the GDPR and advise them on ways to perform their jobs while complying with the GDPR. Fostering a culture of GDPR compliance and privacy by design and default is an effective way of making sure everyone does their part in helping the company become GDPR compliant, which also makes you are more efficient employee.

Use the right tool for the job

Since the DPO is a new position in many companies, it makes sense that not all the tools you need to do your job are present in your company. Like any professional, it’s important you have the right tools for the job. Our Data Stream Manager helps you and the CDO to gain an overview of the data collection, streaming and processing activities in your company, making auditing and reporting activities much simpler. Additionally, the DPO has been designed to keep your data streams secure and provide you with an easy way of managing who has access to the data collected in your company, making it an excellent tool for any DPO to have.

Chief Revenue Officer, brief guide for the GDPR, Datastreams

The GDPR: a brief guide for the Chief Revenue Officer

May 25th, 2018; the date the GDPR goes into effect. There is certainly plenty of information on the internet about what the GDPR is and what it requires from businesses. However, the impact the GDPR will have on your daily life might not be as apparent. In a series of blogs, we discuss the impact the GDPR will have on you and the changes you will have to make to continue working effectively under the new regulation. This time, we discuss some important GDPR guidelines for the Chief Revenue Officer.

Strike a balance

As Chief Revenue Officer, you are likely used to performing a balancing act: balancing marketing versus sales or direct conversions versus long-term content strategies. The GDPR will bring an extra challenge: striking a balance between GDPR demands and financial results. As your Data Protection Officer is not concerned with the financial impacts of GDPR-guidelines, you might find yourself at odds with him or her at times. Working together with your DPO to comply with the GDPR while still being able to perform valuable analytics, is crucial.

Break down silos

An issue in companies that is growing in magnitude as the GDPR approaches, is the silos that might still be present in your company. As Chief Revenue Officer is it vital you break down silos in your company to allow marketing, sales and customer relations to work together towards a single goal. Open communication with the data protection officer and even the IT department is also growing in importance, as clarity on where data is processed for with purpose is vital for complying with the GDPR.

Continue to be data driven

The best Chief Revenue Officers are data-driven, and this will not change under the GDPR. Collecting omnichannel customer data and using it to proactively address customer issues, is still one of the most effective ways of ensuring more (and more predictable) revenue. While collecting customer data will be more difficult under the GDPR, doing it will be more important than ever to identify market opportunities.

For the data-driven revenue officer, the GDPR might actually turn out to be a blessing in disguise. The GDPR will force many companies to adopt a more structured approach towards gathering and processing data. Companies will likely turn to data management platforms and the like to map and manage the data they collect. A smart CRO will be able to use this data management platform, along with other technologies, to collect and process a wide variety of data in a more comprehensive way. Work together with your data protection officer and higher management to ensure you can reap the benefits from any new technology that is being brought in. In other words…

Use the right tools for the job

The ideal data management tool does not only ensure GDPR-compliant processing, but also provides you with constant access to comprehensive, complete, quality data. Our Data Stream Manager has been developed not only with the GDPR in mind, but also with a dedication to ensuring quality data across the company. Whether you are interested in optimising conversion rates or analysing customer behaviour, the Data Stream Manager enables you to perform analytics on complete, integrated datasets. This way, we aim to help you improve your current revenue and discover valuable new business opportunities in a GDPR-compliant way.

Combining Consent Management and the DPO Controller Portal

Combining the DPO Controller Portal with Consent Management

The General Data Protection Regulation (GDPR) influences all organisations that do business within the European Union or processes any kind of personal data that belong to European citizens. Complying with the GDPR rules should not be underestimated, as it takes a lot of time and effort from all each department within an organisation. The complexity has to do with, among other things, the differences between the preferences, processes and permissions of all departments. But taking the next steps is necessary to prevent any type of fines and – even more important – to preserve customers trust.

The marketing department
The risk for the marketing department concerns the complexity of the data they collect and that it might be used for purposes a user didn’t approve. The cookie request for overall marketing purposes that is used by most companies at the moment does not meet the requirements of the regulation. The GDPR provides a much-needed, updated definition of consent, defining it as:  “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”. This means companies need to specify their requirements and the marketing department can only use the collected data for that purpose.

The right of the users
Before an organisation can collect any kind of information about a visitor, they need to ask for consent. And as the GDPR states, each individual has the right to change their preferred setting at any time. Organisations should adapt to this feature by implementing privacy by design principles in their processes. One of biggest concerns is that there are a lot of companies that use Google Analytics (GA). GA will gather the data of the users before they can decline anything and the result is that a company is not compliant – before the regulatory authorities even checks their other processes. With a solution such as our consent manager, individuals can change their preferred settings at any time. This way the user does not only think they have control over their settings, they actually do. Every time an individual uses the consent manager, it will change instantly.

The influence of the DPO
According to the GDPR, many companies require assigning a DPO along with their name and contact details. The most important role of the DPO is managing the data streams that take place within the company and control the data agreements with third parties. When there is the need for a new connection between a data source (of any kind) and a destination, it needs to be requested to the DPO of the organisation. Firstly, the DPO checks the purpose and estimates whether this is legally permitted. After that, the DPO informs the requester if the data stream is approved or not. The Datastream portal makes it possible for the DPO to control all the data streams that exist within a company and its trusted parties. It also shows the DPO insights of which data is collected, what settings the user chose and for what purposes the user gave opt-in.

The complexity of technology
Luckily Datastreams.io understands the complexity of technology and that it might be difficult for companies to comply data streams between systems and with the different roles of sources and destinations. Not only might the complexity of technology be a burden, but to adapt to the GDPR in all processes, it demands a lot of effort from the IT department. This is why Datastreams.io provides a GDPR compliant solution that only requires a Single Line Of Code, the SLOC. It is not designed to replace any kind of technology or tool an organisation currently has, but it is meant to provide the controller portal for the DPO and to provide secure, privacy by design transport between internal and external systems. Why not start today?

Collecting data on a colaboration data platform Datastreams

Data loves to speak, we just need to listen

We humans, by our very nature, are storytellers. The hundreds of myths and legends spread throughout history are a poignant indicator of the human drive to create and share stories. Stories have always been closely interwoven with data. Data provides the start for every story, the wellspring for tales both real and fictitious. From the moment, we are born and commit our date of birth to the world, we leave behind trails of data in everything we do, until we finally close out our story with the date we die. An autobiography, in a way, written in the data we leave behind.

Data speaks to those willing to listen. “Where do you get your inspiration from?” Is a common question to writers and innovators of other types. The answer, often, is something we have all observed: an idea we’re all familiar with, an event we have all witnessed or a fact we all know. The question “Why didn’t I think of that?” often rises when we see innovations or hear stories. When the stories are told to us and we look at the data they are based on, it seems to clear what the data had been telling us all along. Why, then, didn’t we hear it talk before? The answer is simple: we weren’t listening.

Companies have realized the potential in data for quite a while. As companies, we love collecting data from our customers, running analytics and crunching data until it churns out results. We know the percentages, the uptakes in sales, the averages. When we see data (and we see a lot of data) we are prone to asking ourselves: “What can we do with this data?” when we should be asking “What is this data telling me?”

Professor of Economics Robert Coase was right when he said: “If you torture the data long enough, it will confess.” Indeed, if we analyze the enormous amounts of data available, we will find the cold, analytic information we are looking for. But as is the question with all information obtained through torture: how truthful is the story we are told? It is time we stop torturing our data and start listing to it, start looking at it through the eyes of an artist. Only then will we come to ideas that will make our competitors scratch their heads and think: “Why didn’t I think of that?”.