USER MANAGED PRIVACY & THE GDPR
User Lifecycle Management for
User Managed Privacy
UXP Systems’ Whitepaper | November 2016
Introduction
In the era of the digital user, we have become accustomed to using mobile devices,
usernames and biometrics to identify ourselves and access digital services. With
every interaction, we leave digital popcorn trails of our activities, preferences and
behaviours. Behind the curtains of every app or portal are systems that identify who
we are and what we do online. This data is used to deliver services, enrich user
experiences and drive monetization.
Personalization in the digital age has come at the great expense of our privacy.
To restore order between the competing mandates of personalization and privacy, the
EU has introduced the General Data Protection Regulation (GDPR). By 2018, any
enterprise doing business in the EU must comply with it.
I. THE PRIVACY IMPERATIVE
Why Privacy Matters Now
Data: Subjects, Controllers, Processors
Distilled to its basics, the GDPR defines an interlocked chain of three entities working
in concert to put users back in control of their personal data: Data Subjects, Data
Controllers and Data Processors.
Enterprises (Data Controllers) must re-stitch their fragmented systems and processes
to ensure that individuals (Data Subjects) can create consent-based relationships to
govern the use of their personal data in downstream systems (Data Processors). The
complexity in this kind of user-centric paradigm is immense. First, its scope will cross
a wide breadth of systems. Firms that cannot aggregate, unify, explain and expose
personal data to their end users will fail to achieve compliance. Perhaps more
importantly, GDPR proposes a paradigm change, where enterprises must operate
from the end-user in, as opposed to back-office out.
Data Subjects: Focusing on the User
At the heart of the GDPR is the mandate that every user of a service be put in control
of their own data. This objective in itself presents a challenge to enterprises that may
lack a homogenous model to manage their many users, or Data Subjects.
For instance, take the telecoms operator who provides wireless service to a
household. A Data Subject is a customer paying a bill. Data Subjects also include
individual adults and children who have wireless devices under the master bill. The
addition of a TV service would make the collective household an additional data
subject; digitally empowering these often overlapping subjects in a simple manner
could become exceedingly complex.
Before any thought of marrying Data Subjects to Data Controllers and Data
Processors, enterprises need to re-visit their identity management systems, ensuring
they have robust data models and processes to effectively create and manage a
single and seamless digital relationship with every one of their Data Subjects.
Data Controllers: The Privacy Control Point
Enterprises often need data as a pre-condition to service delivery. A bank may require
a date of birth for credit checks and online shops need delivery addresses. The
GDPR won’t interrupt these requirements, but will place emphasis on ensuring the
purpose of data collection is clearly understood, as is the retention policy of the data.
Those opportunistic about the discretionary use of personal data, however, should be
forewarned: with opportunity comes responsibility. Any data that is used for
marketing purposes, by enterprises or by 3rd parties with whom data is shared, will
be subject to explicit consent.
Those looking to own user relationships and manage personal data should embrace
the concept of a privacy control point, which acts as an intermediary between
a user and the systems and (potentially) third parties holding data. Managing digital
identity and associated privacy may well become a strategic service unto itself.
Figure 1: The Interlock Between Data Subjects, Controllers & Processors (Following the Data Trail)
Data Subjects: Every user shall have the ability to easily view and govern access to all of their personal data.
Data Controllers: Enterprises must notify users of personal data needs and gain consent on data use.
Data Processors: Systems holding data must enforce the privacy and consent contract between the end user & enterprise.
Those enterprises creating trusted privacy control points could become the engines of the next generation data-driven economy.
Enterprises must ensure that end users can govern access to data across legacy and new systems.
Figure 2: Controllers will need an SDK to push/pull privacy to processors
[Diagram: Data Subjects use a Privacy Dashboard at the Data Controller (Privacy Control Point), which connects to Data Processor systems.]
Push: Data Processors that cannot query the privacy control point will have consent pushed.
Pull: Data Processors that can query the privacy control point can verify consent.
Data Processors: Enforcing the User’s Consent
The domain of Data Processors is likely to overwhelm existing and
complex businesses. Enterprises have personal data resident in many
systems that were developed with no consideration of end user control.
Generating a singular view of data from system silos will most certainly
require a data federation layer at the privacy control point.
Perhaps even more constraining in downstream data processor systems
is the lack of ability to enforce an end user’s data preferences. A Data
Subject who wants to use a privacy dashboard to suspend the use of
their personal data in a campaign management system may be able to
initiate the request from a simple web interface. What is less clear as
enterprises move towards a privacy management solution is whether or
not the downstream Data Processor can accept and act on that request. In
essence, if not properly designed, the holistic privacy management
solution may be rendered ineffective due to the constraint of Data
Processor capabilities (Figure 2).
This drives an important architectural consideration for any privacy control
point. The intermediary system implemented by a data controller to
empower users' privacy must be able to abstract and communicate with
downstream systems via a flexible SDK in order to minimize
customizations needed at data processor end points.
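One way to model the push/pull split and its failure mode, as an added example that is not UXP Systems' SDK or code from the whitepaper. All class and method names are hypothetical and the records are constructed sample data; it shows default-deny consent checks, a revocation that a push-only processor cannot accept while offline, and an erasure request fanned out to every processor with per-system results.

```python
# Hypothetical names throughout; this models the whitepaper's roles, not a real API.
class ProcessorUnavailable(Exception):
    """A Data Processor adapter could not be reached."""

class PushOnlyProcessor:
    """Legacy system that cannot query the control point; it enforces a pushed copy."""
    def __init__(self, name, records):
        self.name, self.records, self.online = name, dict(records), True
        self._consent = {}  # (subject, purpose) -> bool, as last pushed

    def receive_consent(self, subject, purpose, granted):
        if not self.online:
            raise ProcessorUnavailable(self.name)
        self._consent[(subject, purpose)] = granted

    def may_process(self, subject, purpose):
        return self._consent.get((subject, purpose), False)  # default deny

    def erase(self, subject):
        if not self.online:
            raise ProcessorUnavailable(self.name)
        return self.records.pop(subject, None) is not None

class PullProcessor:
    """System that verifies consent at the control point before each use."""
    def __init__(self, name, records, control_point):
        self.name, self.records, self._cp = name, dict(records), control_point

    def may_process(self, subject, purpose):
        return self._cp.verify(subject, purpose)

    def erase(self, subject):
        return self.records.pop(subject, None) is not None

class PrivacyControlPoint:
    def __init__(self):
        self._consent, self._processors, self._pending = {}, [], []

    def register(self, processor):
        self._processors.append(processor)

    def verify(self, subject, purpose):
        return self._consent.get((subject, purpose), False)  # default deny

    def set_consent(self, subject, purpose, granted):
        self._consent[(subject, purpose)] = granted
        for p in self._processors:
            if hasattr(p, "receive_consent"):  # only push-only systems need delivery
                self._pending.append((p, subject, purpose, granted))
        return self.flush()

    def flush(self):
        """Deliver queued pushes in order; return processors still out of sync."""
        remaining, blocked = [], set()
        for p, subject, purpose, granted in self._pending:
            if p.name not in blocked:
                try:
                    p.receive_consent(subject, purpose, granted)
                    continue
                except ProcessorUnavailable:
                    blocked.add(p.name)  # keep later pushes queued behind this one
            remaining.append((p, subject, purpose, granted))
        self._pending = remaining
        return sorted(blocked)

    def erase(self, subject):
        """Fan one erasure request out to every processor and report each outcome."""
        results = {}
        for p in self._processors:
            try:
                results[p.name] = "erased" if p.erase(subject) else "no_data"
            except ProcessorUnavailable:
                results[p.name] = "failed"
        return results

def demo():
    # Constructed sample data: one Data Subject, two Data Processors.
    cp = PrivacyControlPoint()
    campaign = PushOnlyProcessor("campaign-mgmt", {"jim": {"email": "jim@example.test"}})
    analytics = PullProcessor("analytics", {"jim": {"visits": 12}}, cp)
    cp.register(campaign)
    cp.register(analytics)
    allowed = lambda: (campaign.may_process("jim", "marketing"),
                       analytics.may_process("jim", "marketing"))
    out = {"grant_unsynced": cp.set_consent("jim", "marketing", True)}
    out["after_grant"] = allowed()
    campaign.online = False  # the processor cannot accept the request
    out["revoke_unsynced"] = cp.set_consent("jim", "marketing", False)
    out["during_outage"] = allowed()  # the push-only copy is stale
    out["erase_during_outage"] = cp.erase("jim")
    campaign.online = True
    out["retry_unsynced"] = cp.flush()
    out["after_retry"] = allowed()
    out["erase_retry"] = cp.erase("jim")
    return out

if __name__ == "__main__":
    print(demo())
```

The `during_outage` result is the gap the section describes: the pull-capable processor denies immediately, while the push-only processor keeps acting on its last delivered copy until the queued revocation is delivered.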
Figure 3: The GDPR Will Result in Privacy Dashboards for Everyone
Privacy Perks: Erasure, Dashboards, COBO
The European Union has ensured the GDPR’s definition is not limited to a
technical-only scope. To properly serve the residents of the EU, the GDPR has added
some important user-centric requirements.
1. Erasure: Also known as the “Right to Be Forgotten”, erasure is the user’s
ability to request the deletion of all data not subject to legal retention. To
implement erasure, privacy control point systems must uniformly delete
data in multiple systems based on one request.
2. Dashboards: While not explicitly calling out the requirement for a privacy
dashboard, this is the essence of the GDPR. The only way to give users
easy access to, and control of their data, is to provide a privacy dashboard
for every individual (Figure 3).
3. Consent on Behalf of (COBO): As younger citizens are coming online
earlier and more prolifically than ever, the GDPR has implemented the
specific requirement for parents to consent and control data on behalf of
minor children.
The Importance of the User Experience
The GDPR makes no requirement or specification of user interface or experience,
other than to suggest the simplicity and ease of personal data control. Nonetheless,
these are critical elements of implementation if the GDPR is to be seen as a success
in the eyes of the EU citizen.
If users are to feel completely in control, then they must believe they can easily
engage with data controllers in creating and managing their digital identities and
associated data. Users must also feel a sense of comfort and trust in engaging with
enterprises that wish to leverage personal data.
The success of the GDPR relies on a holistic solution: one that can manage the
privacy lifecycle of the end user and the data that is produced by the
services they consume.
Time is of the essence. A packaged solution that delivers the processes, platform
and user interfaces needed to represent the best interests of EU citizens will ensure
the success of the GDPR. In turn, it will allow enterprises to personalize and monetize
user data in new ways.
[Privacy dashboard mockup for a sample "My Maple" account: a "My Privacy" page listing, per service, the personal data held (user name, email, family group, sharing, service subscriptions, devices, web & mobile app activity, behaviour history), each with a "Purpose" field.]
Figure 4: Capturing Every User Interaction to Personalize the Experience
The Challenge: New Enablers & Old Systems
The GDPR hits established enterprises at a time when they are already embracing or
contemplating responses to digital disruption.
The need to build trusted digital relationships where every user can self-manage their
privacy consent and settings is another call to action to engage every digital user
(Figure 4). User privacy is an extension of a user-driven digital world.
We remain in the age of the digital user.
Implementing user-driven privacy is an opportunity for any enterprise doing business
in the EU to be a trusted and credible controller of personal data. Those that
effectively capitalize upon the opportunity will be the digital leaders of tomorrow.
[Figure 4 labels: User Engagement, User Access, User Control, User Privacy, User Personalization]
II. ENABLING USER MANAGED PRIVACY
User Lifecycle Management: An Elegant Solution for GDPR Compliance
Introduction
Implementing a solution to GDPR compliance shouldn’t create the same disruption that a
lack of compliance is bound to bring. To that end, solutions that overlay the underlying
constraints and complexities of legacy systems must be considered. In the end, the right
overlay will bring time to market, robust capability and cost efficiencies not possible with
back end customizations and bespoke software development. Existing identity
management systems must be enhanced with new capabilities supporting digital
households and their end users, with role management for consent of minors. New
user-centric models should federate disaggregated and disparate personal data from
processor systems, which must converge at a new and purpose-built layer. Finally,
communication between Data Controllers and the many downstream processors must be
done by a single and extensible orchestration gateway that pre-empts customization to
legacy systems (Figure 5).
Figure 5: The Stages of Managing the User Lifecycle
[Stages shown: Onboard, Authenticate, Entitle, Authorize, Unify, Personalize, Group, Share, Capture, Manage]
Figure 6: User managed privacy dashboard
Managing the User’s Privacy Lifecycle
UXP Systems’ User Lifecycle Management enables a full privacy lifecycle for
individuals by starting with the end user in mind, and implementing new capabilities
for these users to create and manage trusted, flexible and empowered relationships
with data controller enterprises. By managing the full lifecycle of users, households
and groups, ULM goes beyond constrained customer systems to enable
relationships with every individual.
Normalizing Personal Data & Presenting a Unified Dashboard
The User Lifecycle Management (ULM) platform innovates above legacy systems to
abstract and federate personal data held in multiple downstream Data Processor
systems to derive one singular dashboard for every individual Data Subject. By
layering a flexible, user-centric data model above underlying systems, ULM enables
the Privacy Control Point architecture so critical to effectively enforce privacy
agreements between users and enterprises.
Recognizing that a Data Subject may be represented by various aliases, the ULM
data model is extensible to reflect the many ways in which a subject may be stored
by an enterprise, including:
Individual, represented by a username or e-mail address
Customer, represented by a household address or account number
Device, represented by a phone number or device ID
Minor, represented by their consenting guardian
UXP Systems’ User Lifecycle Management privacy module further implements
an out of the box and configurable privacy dashboard that encompasses the
key elements of the GDPR, including:
Purpose: to ensure every data element has a configurable field to
explain the necessity (or lack thereof) and use of data collected
Consent: to enable end users to grant or revoke – in real time – the
right for enterprises to collect and use discretionary personal data
Erasure: to permit the allowable deletion of personal historical data
Transfer: to govern the use of collected data by 3rd parties.
The UXP Systems’ ULM Solution for User Managed Privacy
User Lifecycle Management combines a robust lifecycle management solution to
extend constrained identity models with a user-centric data model and dashboard to
enable GDPR compliance in a seamless overlay over legacy systems. Moreover, with
its innovative Service Gateway, it provides abstraction, normalization and
bi-directional communications to systems of record holding personal data. It is an out
of the box and pace-layer solution to a national imperative.
Figure 7: Bridging the Gap Between Data Subjects and Data Processors
About UXP Systems
UXP Systems is the leader and pioneer in User Lifecycle Management (ULM). Our
platform evolves digital identity, user entitlements and personalization to bring
traditional and emerging enterprises the capabilities to service every digital user,
seamlessly. ULM has been selected and implemented by some of the world’s largest
enterprises to ensure they remain relevant in a disrupting world, with user-centric
solutions covering User Managed Privacy, Digital Transformation, Digital and Cloud
Services, Seamless Entertainment and the Connected Home.
For more information, please contact info@uxpsystems.com
or visit www.uxpsystems.com/privacy
[Figure 7 diagram labels: Data Subject Domain (Privacy Dashboard: Consent Management, User Relationship Management); Data Controller Domain (ULM Process Library Layer: Onboard, Authenticate, Entitle, Authorize, Unify, Personalize, Group, Share, Capture, Manage; ULM UXDR® Insight; ULM Core Data Model & Utilities; ULM IdP; SAML/OIDC Engine; Admin Proxy; Interceptor Framework; Events Framework; Privacy Service Application Model (Data Abstraction & Business Logic); User Entitlements/Core Data Model; Security, Reporting & Administration; ULM Service Gateway with Bidirectional Messaging and Data Adapters); Data Processor Domain (Marketing & Offer Management Apps, Customer Relationship Management, Service Management Apps, Partner Ecosystem)]

 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanEquiGov Institute
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliancePeter Goldbrunner
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteSilverTech
 
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)WBDC of Florida
 
DevOps vs GDPR: How to Comply and Stay Agile
DevOps vs GDPR: How to Comply and Stay AgileDevOps vs GDPR: How to Comply and Stay Agile
DevOps vs GDPR: How to Comply and Stay AgileBen Saunders
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowSymantec
 
Top gdpr assessment tools
Top  gdpr assessment toolsTop  gdpr assessment tools
Top gdpr assessment toolsRajivarnan R
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisAngad Dayal
 
Unraveling the GDPR Compliance
Unraveling the GDPR ComplianceUnraveling the GDPR Compliance
Unraveling the GDPR ComplianceCleverTap
 
GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty Jakub Otrząsek
 
Cloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudCloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudIOSR Journals
 
General Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian FirmsGeneral Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian Firmsaccenture
 
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceHow Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceCloudera, Inc.
 
Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020TheCEOViews
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Gerson Trigueiros
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationIBM Security
 

Similar to UXPSystems_whitepaper_Privacy_Nov182016 (20)

Impact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economiesImpact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economies
 
GDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadGDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free Download
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to Know
 
Operational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbeanOperational impact of gdpr finance industries in the caribbean
Operational impact of gdpr finance industries in the caribbean
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your Website
 
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
Treasure Data Marketers Guide to GDPR (Global Data Protection Regulation)
 
DevOps vs GDPR: How to Comply and Stay Agile
DevOps vs GDPR: How to Comply and Stay AgileDevOps vs GDPR: How to Comply and Stay Agile
DevOps vs GDPR: How to Comply and Stay Agile
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
Top gdpr assessment tools
Top  gdpr assessment toolsTop  gdpr assessment tools
Top gdpr assessment tools
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with Varonis
 
Unraveling the GDPR Compliance
Unraveling the GDPR ComplianceUnraveling the GDPR Compliance
Unraveling the GDPR Compliance
 
GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty
 
What is GDPR ? by M32
What is GDPR ? by M32What is GDPR ? by M32
What is GDPR ? by M32
 
Cloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudCloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in Cloud
 
General Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian FirmsGeneral Data Protection Regulation (GDPR) Implications for Canadian Firms
General Data Protection Regulation (GDPR) Implications for Canadian Firms
 
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceHow Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR compliance
 
Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020
 
Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)Eu data protection regulations (point-of-view)
Eu data protection regulations (point-of-view)
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity Legislation
 

UXPSystems_whitepaper_Privacy_Nov182016

  • 1. USER MANAGED PRIVACY & THE GDPR User Lifecycle Management for User Managed Privacy UXP Systems’ Whitepaper | November 2016
  • 2. UXP SYSTEMS’ WHITEPAPER | User Managed Privacy & the GDPR POWERING THE DIGITAL USER LIFECYCLE | Pg 2 USER MANAGED PRIVACY & THE GDPR User Lifecycle Management for User Managed Privacy

    Introduction

    In the era of the digital user, we have become accustomed to using mobile devices, usernames and biometrics to identify ourselves and access digital services. With every interaction, we leave digital popcorn trails of our activities, preferences and behaviours. Behind the curtains of every app or portal are systems that identify who we are and what we do online. This data is used to deliver services, enrich user experiences and drive monetization.

    Personalization in the digital age has come at the great expense of our privacy.

    To restore order between the competing mandates of personalization and privacy, the EU has introduced the General Data Protection Regulation (GDPR). By 2018, any enterprise doing business in the EU must comply with it.

    I. THE PRIVACY IMPERATIVE
    Why Privacy Matters Now

    Data: Subjects, Controllers, Processors

    Distilled to its basics, the GDPR defines an interlocked chain of three entities working in concert to put users back in control of their personal data: Data Subjects, Data Controllers and Data Processors.

    Enterprises (Data Controllers) must re-stitch their fragmented systems and processes to ensure that individuals (Data Subjects) can create consent-based relationships to govern the use of their personal data in downstream systems (Data Processors). The complexity in this kind of user-centric paradigm is immense. First, its scope will cross a wide breadth of systems. Firms that cannot aggregate, unify, explain and expose personal data to their end users will fail to achieve compliance. Perhaps more importantly, GDPR proposes a paradigm change, where enterprises must operate from the end-user in, as opposed to back-office out.
  • 3. Data Subjects: Focusing on the User

    At the heart of the GDPR is the mandate that every user of a service be put in control of their own data. This objective in itself presents a challenge to enterprises that may lack a homogenous model to manage their many users, or Data Subjects.

    For instance, take the telecoms operator who provides wireless service to a household. A Data Subject is a customer paying a bill. Data Subjects also include individual adults and children who have wireless devices under the master bill. The addition of a TV service would make the collective household an additional data subject; digitally empowering these often overlapping subjects in a simple manner could become exceedingly complex.

    Before any thought of marrying Data Subjects to Data Controllers and Data Processors, enterprises need to revisit their identity management systems, ensuring they have robust data models and processes to effectively create and manage a single and seamless digital relationship with every one of their Data Subjects.

    Data Controllers: The Privacy Control Point

    Enterprises often need data as a pre-condition to service delivery. A bank may require a date of birth for credit checks and online shops need delivery addresses. The GDPR won’t interrupt these requirements, but will place emphasis on ensuring the purpose of data collection is clearly understood, as is the retention policy of the data.

    Those opportunistic about the discretionary use of personal data, however, should be forewarned: with opportunity comes responsibility. Any data that is used for marketing purposes, by enterprises or by 3rd parties with whom data is shared, will be subject to explicit consent. Those looking to own user relationships and manage personal data should embrace the concept of a privacy control point. This allows them to act as an intermediary between a user and the systems and (potentially) third parties holding data. Managing digital identity and associated privacy may well become a strategic service unto itself.

    Those enterprises creating trusted privacy control points could become the engines of the next generation data-driven economy.

    [Figure 1: The Interlock Between Data Subjects, Controllers & Processors (Following the Data Trail)]
    Data Subjects: Every user shall have the ability to easily view and govern access to all of their personal data.
    Data Controllers: Enterprises must notify users of personal data needs and gain consent on data use.
    Data Processors: Systems holding data must enforce the privacy and consent contract between the end user & enterprise.

    Enterprises must ensure that end users can govern access to data across legacy and new systems.
  • 4. [Figure 2: Controllers will need an SDK to push/pull privacy to processors. The diagram links Data Subjects (Privacy Dashboard) to the Data Controller (Privacy Control Point) and on to the Data Processor systems.]
    Push: Data Processors that cannot query the privacy control point will have consent pushed.
    Pull: Data Processors that can query the privacy control point can verify consent.

    Data Processors: Enforcing the User’s Consent

    The domain of Data Processors is likely to overwhelm existing and complex businesses. Enterprises have personal data resident in many systems that were developed with no consideration of end user control. Generating a singular view of data from system silos will most certainly require a data federation layer at the privacy control point.

    Perhaps even more constraining in downstream data processor systems is the lack of ability to enforce an end user’s data preferences. A Data Subject who wants to use a privacy dashboard to suspend the use of their personal data in a campaign management system may be able to initiate the request from a simple web interface. What is less clear as enterprises move towards a privacy management solution is whether or not the downstream Data Processor can accept and act on that request. In essence, if not properly designed, the holistic privacy management solution may be rendered ineffective due to the constraint of Data Processor capabilities (Figure 2).

    This drives an important architectural consideration for any privacy control point. The intermediary system implemented by a data controller to empower users’ privacy must be able to abstract and communicate with downstream systems via a flexible SDK in order to minimize customizations needed at data processor end points.
  • 5. Privacy Perks: Erasure, Dashboards, COBO

    The European Union has ensured the GDPR’s definition is not limited to a technical-only scope. To properly serve the residents of the EU, the GDPR has added some important user-centric requirements.

    1. Erasure: Also known as the “Right to Be Forgotten”, erasure is the user’s ability to request the deletion of all data not subject to legal retention. To implement erasure, privacy control point systems must uniformly delete data in multiple systems based on one request.
    2. Dashboards: While not explicitly calling out the requirement for a privacy dashboard, this is the essence of the GDPR. The only way to give users easy access to, and control of, their data is to provide a privacy dashboard for every individual (Figure 3).
    3. Consent on Behalf of (COBO): As younger citizens are coming online earlier and more prolifically than ever, the GDPR has implemented the specific requirement for parents to consent and control data on behalf of minor children.

    The Importance of the User Experience

    The GDPR makes no requirement or specification of user interface or experience, other than to suggest the simplicity and ease of personal data control. Nonetheless, these are critical elements of implementation if the GDPR is to be seen as a success in the eyes of the EU citizen.

    If users are to feel completely in control, then they must believe they can easily engage with data controllers in creating and managing their digital identities and associated data. Users must also feel a sense of comfort and trust in engaging with enterprises that wish to leverage personal data.

    The success of the GDPR relies on a holistic solution: one that can manage the privacy lifecycle of the end user and management of the data that is produced by the services they consume. Time is of the essence. A packaged solution that delivers the processes, platform and user interfaces needed to represent the best interests of EU citizens will ensure the success of the GDPR. In turn, it will allow enterprises to personalize and monetize user data in new ways.

    [Figure 3: The GDPR Will Result in Privacy Dashboards for Everyone]
  • 6. The Challenge: New Enablers & Old Systems

    The GDPR hits established enterprises at a time when they are already embracing or contemplating responses to digital disruption. The need to build trusted digital relationships where every user can self-manage their privacy consent and settings is another call to action to engage every digital user (Figure 4). User privacy is an extension of a user-driven digital world.

    We remain in the age of the digital user. Implementing user-driven privacy is an opportunity for any enterprise doing business in the EU to be a trusted and credible controller of personal data. Those that effectively capitalize upon the opportunity will be the digital leaders of tomorrow.

    [Figure 4: Capturing Every User Interaction to Personalize the Experience. Labels: User Engagement, User Access, User Control, User Privacy, User Personalization.]
  • 7. II. ENABLING USER MANAGED PRIVACY
    User Lifecycle Management: An Elegant Solution for GDPR Compliance

    Introduction

    Implementing a solution to GDPR compliance shouldn’t create the same disruption that a lack of compliance is bound to bring. To that end, solutions that overlay the underlying constraints and complexities of legacy systems must be considered. In the end, the right overlay will bring time to market, robust capability and cost efficiencies not possible with back end customizations and bespoke software development.

    Existing identity management systems must be enhanced with new capabilities supporting digital households and their end users, with role management for consent of minors. New user-centric models should federate disaggregated and disparate personal data from processor systems, which must converge at a new and purpose-built layer. Finally, communication between Data Controllers and the many downstream processors must be done by a single and extensible orchestration gateway that pre-empts customization to legacy systems (Figure 5).

    [Figure 5: The Stages of Managing the User Lifecycle. Labels: Manage, Onboard, Group, Authorize, Personalize, Capture, Authenticate, Entitle, Share, Unify.]
  • 8. Managing the User’s Privacy Lifecycle

    UXP Systems’ User Lifecycle Management enables a full privacy lifecycle for individuals by starting with the end user in mind, and implementing new capabilities for these users to create and manage trusted, flexible and empowered relationships with data controller enterprises. By managing the full lifecycle of users, households and groups, ULM goes beyond constrained customer systems to enable relationships with every individual.

    Normalizing Personal Data & Presenting a Unified Dashboard

    The User Lifecycle Management (ULM) platform innovates above legacy systems to abstract and federate personal data held in multiple downstream Data Processor systems to derive one singular dashboard for every individual Data Subject. By layering a flexible, user-centric data model above underlying systems, ULM enables the Privacy Control Point architecture so critical to effectively enforce privacy agreements between users and enterprises.

    Recognizing that a Data Subject may be represented by various aliases, the ULM data model is extensible to reflect the many ways in which a subject may be stored by an enterprise, including:
    Individual, represented by a username or e-mail address
    Customer, represented by a household address or account number
    Device, represented by a phone number or device ID
    Minor, represented by their consenting guardian

    UXP Systems’ User Lifecycle Management privacy module further implements an out-of-the-box and configurable privacy dashboard that encompasses the key elements of the GDPR, including:
    Purpose: to ensure every data element has a configurable field to explain the necessity (or lack thereof) and use of data collected
    Consent: to enable end users to grant or revoke, in real time, the right for enterprises to collect and use discretionary personal data
    Erasure: to permit the allowable deletion of personal historical data
    Transfer: to govern the use of collected data by 3rd parties.

    [Figure 6: User managed privacy dashboard]
  • 9. The UXP Systems’ ULM Solution for User Managed Privacy

    User Lifecycle Management combines a robust lifecycle management solution to extend constrained identity models with a user-centric data model and dashboard to enable GDPR compliance in a seamless overlay over legacy systems. Moreover, with its innovative Service Gateway, it provides abstraction, normalization and bi-directional communications to systems of record holding personal data. It is an out-of-the-box and pace-layer solution to a national imperative.

    [Figure 7: Bridging the Gap Between Data Subjects and Data Processors. Architecture diagram spanning the Data Subject, Data Controller and Data Processor domains, with the Privacy Dashboard, the ULM Service Gateway and Data Adapters between them.]

    About UXP Systems

    UXP Systems is the leader and pioneer in User Lifecycle Management (ULM). Our platform evolves digital identity, user entitlements and personalization to bring traditional and emerging enterprises the capabilities to service every digital user, seamlessly. ULM has been selected and implemented by some of the world’s largest enterprises to ensure they remain relevant in a disrupting world, with user-centric solutions covering User Managed Privacy, Digital Transformation, Digital and Cloud Services, Seamless Entertainment and the Connected Home.

    For more information, please contact info@uxpsystems.com or visit www.uxpsystems.com/privacy
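
The push/pull arrangement of Figure 2 and the one-request erasure described under Privacy Perks, as an added Python example that is not part of the whitepaper and not UXP Systems’ code. Every class and method name (`PrivacyControlPoint`, `PullProcessor`, `PushProcessor`, `Record`) and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Record:
    subject_id: str
    purpose: str
    value: str
    legal_retention: bool = False  # data the enterprise must keep by law

class Processor:
    """Hypothetical downstream Data Processor; subclasses define may_use()."""
    def __init__(self, name, records=()):
        self.name = name
        self.records = list(records)

    def usable(self, subject, purpose):
        """Records this system may process for the purpose right now."""
        ok = self.may_use(subject, purpose)
        return [r for r in self.records
                if ok and (r.subject_id, r.purpose) == (subject, purpose)]

    def erase(self, subject):
        """Delete the subject's records, except those under legal retention."""
        before = len(self.records)
        self.records = [r for r in self.records
                        if r.subject_id != subject or r.legal_retention]
        retained = sum(r.subject_id == subject for r in self.records)
        return {"deleted": before - len(self.records), "retained": retained}

class PullProcessor(Processor):
    """Can query the control point, so it verifies consent at time of use."""
    control_point = None  # set by PrivacyControlPoint.register()

    def may_use(self, subject, purpose):
        cp = self.control_point
        return cp is not None and cp.has_consent(subject, purpose)

class PushProcessor(Processor):
    """Cannot query the control point; enforces the consent last pushed to it."""
    def __init__(self, name, records=()):
        super().__init__(name, records)
        self.local_consent = {}

    def receive_consent(self, subject, purpose, granted):
        self.local_consent[(subject, purpose)] = granted

    def may_use(self, subject, purpose):
        return self.local_consent.get((subject, purpose), False)  # default deny

class PrivacyControlPoint:
    """Data Controller side: the single source of truth for consent."""
    def __init__(self):
        self.consent = {}       # (subject, purpose) -> bool
        self.processors = []

    def register(self, processor):
        self.processors.append(processor)
        if isinstance(processor, PullProcessor):
            processor.control_point = self
        else:
            # Replay current state so a late-joining push system is not stale.
            for (subject, purpose), granted in self.consent.items():
                processor.receive_consent(subject, purpose, granted)

    def has_consent(self, subject, purpose):
        return self.consent.get((subject, purpose), False)  # default deny

    def set_consent(self, subject, purpose, granted):
        self.consent[(subject, purpose)] = granted
        for p in self.processors:
            if isinstance(p, PushProcessor):
                p.receive_consent(subject, purpose, granted)

    def erase(self, subject):
        """One erasure request: revoke all consent, then delete in every system."""
        for key in [k for k in self.consent if k[0] == subject]:
            self.set_consent(*key, False)
        return {p.name: p.erase(subject) for p in self.processors}

def demo():
    """Constructed sample data: one subject, two processor systems."""
    cp = PrivacyControlPoint()
    campaign = PushProcessor("campaign-mgmt", [Record("jim", "marketing", "email")])
    billing = PullProcessor("billing", [
        Record("jim", "billing", "invoice-2016-10", legal_retention=True),
        Record("jim", "marketing", "offer-history")])
    cp.register(campaign)
    cp.register(billing)
    cp.set_consent("jim", "marketing", True)
    granted = [len(p.usable("jim", "marketing")) for p in (campaign, billing)]
    cp.set_consent("jim", "marketing", False)  # user suspends use in the dashboard
    revoked = [len(p.usable("jim", "marketing")) for p in (campaign, billing)]
    return {"granted": granted, "revoked": revoked, "erasure": cp.erase("jim")}
```

Both processor types deny by default, so a system that has never heard from the control point processes nothing; the erasure report shows per system what was deleted and what stayed under legal retention.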