Power to the People! Giving Citizens their Personal Data Rights Back

Written by J Cromack on Wed 01 Nov 2017

On the 19th October, I presented “Not enough Love and Digital Understanding” at the Together We’re Better conference at Bounce, Farringdon. It was a great event and MyLife Digital were glad to be a part of it. The panel discussions were illuminating too.

One of the questions asked was “What are the key attributes of winning your customers’ trust?”

By putting your customers at the heart of your GDPR strategy. By focusing on what is really important, you will discover that, without having to try too hard, you will meet the legislative requirements on the processing of personal data. As we have been saying for years – before GDPR was on the tip of everybody’s tongue – the need is to Get Data Protection Right!

It seems of late that there are a lot of GDPR experts coming out of the woodwork, all seemingly with the answer. But there is no silver bullet for GDPR compliance, no quick fix, no magic wand.

The biggest change that GDPR brings is additional and strengthened Citizen Rights:

  • The right to be informed
  • The right to access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Across the EU, hundreds of thousands of pounds, or euros, have been invested to better understand the GDPR text in relation to these rights and to develop population-scale platforms which deliver solutions for personal data management or consultancy, to help organisations find their way. Some glossy brochures have been created and the GDPR expert has been born.

But not everyone claiming to be an expert is – they may know about things that matter when talking about the citizen’s rights – but not about the information security management system stuff. We are still waiting on final guidance from the ICO so how can anyone call themselves an expert without all the facts?

That said, MyLife Digital took the decision very early on, even before the development phase of our platform, that trust had to sit at the heart of everything we do. Starting with our platform name – Consentric – to have the Citizens’ consent at the centre.

We have gone on to gain ISO 27001 Information Security standard, Cyber Essentials and IASME Consortium certification, become members of the Direct Marketing Association and International Association of Privacy Professionals and been granted Crown Commercial Service supplier status under the GCloud 9 framework on the Digital Marketplace.

We have policies and procedures, values and a vision which we live by, helping us deliver best practice and improve efficiencies across the board. This may mean we haven’t been as nimble as some start-ups, but it does mean Privacy by Design is not only a key principle of the Consentric Platform, but also of our own product development methods. We totally get that the weakest link in any data security system is people, so we have a Privacy First and Trust culture throughout the business.

A platform that delivers trust, from the ground up – now there’s a good idea!

We will not sell it as a GDPR compliant end to end solution. It’s not one size fits all. To deliver a full trust ecosystem requires a cultural shift involving the entire organisation – and it starts at the top.

We will also not preach what we think GDPR means just to sell our technology… that is for you to work out. I sat in on a presentation a few weeks ago where one of the big CRM vendors told the audience “you need consent (via an opt-in) to direct mail your database.” This simply is not true – Fake News! You can use a legitimate interest for processing data for direct marketing and the postal channel, providing you pass the balance test: does it feel right that you are mailing someone you may not have had a relationship with for a number of years? And have you informed them of their right to object?

You need to be open and transparent with your target audience about how you intend to use their data. The reason the vendor said this was because this is how their solution works! Yep, if the opt-in for direct mail box wasn’t ticked then they couldn’t select that prospect or customer to engage with by post!

MyLife Digital has been preparing the way for Citizen Trust since 2014, before GDPR was a twinkle in the business consultants’ eye! We believe organisations need to rebalance the control of personal data back to the citizen. Accenture defines this as ‘the empowerment principle of digital responsibility.’ We just think it’s common sense – as Wolfie Smith would say, “Power to the People!”