Consent Management: Interview with our Data Protection Officer
After proudly sharing our ‘Consent Manager Solution’ via Social Media, we received some quite interesting questions from our connections. Therefore, we decided to share our “behind the scenes” steps and reasons for building this solution. How better to do this, then to ask Nick Wood, our ‘Data Protection Officer’ to give us the insights.
Let’s start with the obvious question: Why?
“The GDPR will be effective May 25th 2018 and there will be no room for loose interpretations or excuses. The data subjects privacy rights and lawful grounds for collecting and processing their data need to be 100% respected. Asking for consent during the online interaction won’t be a maybe but a MUST. Without explicit consent, organisations won’t have any legitimate grounds for data collection and processing. By neglecting GDPR requirements they risk to be heavily fined and their brand damaged.
Next to this external mandatory reason, our strongest drive stems from our corporate belief and main mission statement: ‘Empowering data-driven collaboration by providing governed access to trusted data sources.’ This joint purpose inspires our team to push forward, developing tangible and reliable solutions as fast as we possibly can. Have we found the perfect recipe, yet? That is a debate for another day. For now, we invite everyone to join and give us a hand.”
How does it work?
“Our Consent Manager is built with the ICO GDPR consent guidance in mind and based on the key requirements for asking consent in a GDPR compliant way. Along the way, we realised that offering DPO’s the flexibility to adapt their message to various data subjects is very important and a major plus. This enables them to continuously be transparent and in line with the activities done in the background.
During development, we also looked into the robustness of the solution. The DimML language gave us the flexibility to store consent choices in multiple places. This is not only essential for keeping records on consent evidence, but also for reporting purposes in relation to bounce and consent rate.
There is a general fear, that asking for consent will trigger data subjects to avoid sharing their data. As a result, less data can be collected for customer experience insights. We are not that afraid, but strongly believe that by empowering online users in a respectful way, they will feel more engaged and will be more inclined to share their data with trusted organisations.
When it gets to functionality, you can see the Consent Manager as a filter. Based on the choice a data subject makes, only what they agree to be shared will be forwarded to one or multiple endpoints. Further along the pipeline – through the governed data logistics our Data Stream Manager offers – another filter will be applied to make sure that sensitive data will not be sent to end points that do not have the proper security implementations in place.”
Who will benefit from this Consent Management Solution?
“In short. Everyone.
First of all the Data Subjects. They are the main reason for this whole set up. Through the GDPR, authorities want to give data control back to individuals. We underline this ‘Power to the people’ concept and that’s why we also implemented the Consent Manager on our own website. As stated, offering transparency and trusted experiences to data subjects is one of our core missions.
Furthermore, we discovered that this is also a challenge for our partners and their customers. As a result, we made our Consent Management solution to be flexible and customisable to any requirements Controllers might have.
Secondly, Data Controllers. We started this whole process for our own online environment to be in line with such legislation as the GDPR. We wanted to offer trusted customer experiences to visitors and engage with them, whilst safeguarding our online reputation.
Asking for appropriate consent from data subjects falls under remit of the Controllers’ Data Protection Officer (DPO). Furthermore, he/she needs to make sure their organisation keeps records of consent as evidence, should this be required by regulatory authorities later on. As I mentioned earlier, with our solution you can collect and keep records of the consent choices.
It is also relevant to mention here about regular consent reviews. These need to be adapted to continuous business changes. Having a solution that offers the possibility to adapt the message communicated to online users will spare any DPO of a lot of headache.
So last but not least, Data Processors. Only having a Consent Management solution is not sufficient. It needs to be integrated within the entire data logistics process. The process doesn’t stop when the data subject has made a decision in terms of what he/she wants to share. Based on the consent choice, data needs to be collected and processed, then stored and finally visualised to enable data-driven decisions. Integrating this solution with the Data Stream Manager, processors get instant control over the entire process and offer their customers (data controllers) security over their data management process. Thus, building trusted relationships and increasing their business ROI and improving brand reputation .”
What are the plans for the near future?
“We are frequently in touch with our partners and processing their feedback. This way they help us to constantly improve upon the current version. So, stay close to see new developments and should you have any feedback, please let us know.”
This post was originally posted on Pulse, LinkedIn.