The General Data Protection Regulation (GDPR) is hitting organisations that deals with EU citizens in 2018. In this deck, Danny informs organisations, designers and developers on how to use the three pillars of Transparency, Privacy and Controls on their quest towards GDPR compliancy. As well as providing examples of brands that are doing things right and wrong (from a GDPR perspective), the presentation provides practical examples of techniques such as consent, privacy by design (PbD) and the right of individuals to update their details at all times. Designers can use these techniques across their products and services to ensure that their marketing efforts are prepared.
INDUSTRIA 4.0 - Il trasferimento tecnologico attraverso i Digital Innovation ...Data Driven Innovation
"Industria 4.0" sta diventando il simbolo della rinascita industriale del Paese. Le forze che favoriscono il rilancio delle filiere manifatturiere sono tante e i finanziamenti stanno diventando significativi. L’Europa pretende che sia il trasferimento tecnologico da parte dei centri di competenza, sia la domanda di nuove tecnologie da parte delle PMI, siano agevolate e soddisfatte in maniera efficiente. I Digital Innovation Hub, già sperimentati in Germania, inizieranno il loro lavoro anche in Italia. Vediamo come le nuove forme di sharing, circular e maker economy se ne potranno avvantaggiare
1. Sepa exactamente de donde provienen sus datos.
2. Asegure que todos en la organización comparten los mismos datos, con un acceso fácil y libre de complejidades.
3. Gobernabilidad de la información: mantenga a su equipo capacitado en procesos simples y transparentes.
'Extreme Apps’ Approach to Analysis Makes On-Site Retail Experience King AgainDana Gardner
Transcript of a sponsored discussion on how technology providers have teamed as an ecosystem to develop new dynamic and rapid analysis capabilities for the retail industry.
Intralinks Uses Hybrid Computing to Blaze a Compliance Trail Across the Regul...Dana Gardner
Transcript of a sponsored discussion on how regulations around data sovereignty are forcing enterprises to consider new approaches to data, intellectual property, and cloud collaboration services.
How AI will impact Web and Social Media Intelligence - Uljan Sharka (Crystal.io)Data Driven Innovation
Data is the new oil. With more channels and KPIs on the rise it’s becoming more and more difficult to get value from Digital Data. Artificial Intelligence will change the status quo through Natural Language Processing, Machine Deep Learning, Voice Recognition and Computer Vision by saving time, providing real time processed KPIs and by driving operations through predictions and actionable insights.
Effective comms planning at Sustrans | South West Networking Group | 2 Februa...CharityComms
Kate Strange, head of digital and marketing, Sustrans
Visit the CharityComms website to view slides from past events, see what events we have coming up and to check out what else we do: www.charitycomms.org.uk
INDUSTRIA 4.0 - Il trasferimento tecnologico attraverso i Digital Innovation ...Data Driven Innovation
"Industria 4.0" sta diventando il simbolo della rinascita industriale del Paese. Le forze che favoriscono il rilancio delle filiere manifatturiere sono tante e i finanziamenti stanno diventando significativi. L’Europa pretende che sia il trasferimento tecnologico da parte dei centri di competenza, sia la domanda di nuove tecnologie da parte delle PMI, siano agevolate e soddisfatte in maniera efficiente. I Digital Innovation Hub, già sperimentati in Germania, inizieranno il loro lavoro anche in Italia. Vediamo come le nuove forme di sharing, circular e maker economy se ne potranno avvantaggiare
1. Sepa exactamente de donde provienen sus datos.
2. Asegure que todos en la organización comparten los mismos datos, con un acceso fácil y libre de complejidades.
3. Gobernabilidad de la información: mantenga a su equipo capacitado en procesos simples y transparentes.
'Extreme Apps’ Approach to Analysis Makes On-Site Retail Experience King AgainDana Gardner
Transcript of a sponsored discussion on how technology providers have teamed as an ecosystem to develop new dynamic and rapid analysis capabilities for the retail industry.
Intralinks Uses Hybrid Computing to Blaze a Compliance Trail Across the Regul...Dana Gardner
Transcript of a sponsored discussion on how regulations around data sovereignty are forcing enterprises to consider new approaches to data, intellectual property, and cloud collaboration services.
How AI will impact Web and Social Media Intelligence - Uljan Sharka (Crystal.io)Data Driven Innovation
Data is the new oil. With more channels and KPIs on the rise it’s becoming more and more difficult to get value from Digital Data. Artificial Intelligence will change the status quo through Natural Language Processing, Machine Deep Learning, Voice Recognition and Computer Vision by saving time, providing real time processed KPIs and by driving operations through predictions and actionable insights.
Effective comms planning at Sustrans | South West Networking Group | 2 Februa...CharityComms
Kate Strange, head of digital and marketing, Sustrans
Visit the CharityComms website to view slides from past events, see what events we have coming up and to check out what else we do: www.charitycomms.org.uk
Putting Buyers and Sellers in the Best Light, How Etsy Leverages Big Data for...Dana Gardner
Transcript of a sponsored discussion on how Etsy uses data science to improve their buyers and sellers’ experience as well as theiown corporate destiny.
Is big data handicapped by "design"? Seven design principles for communicatin...Zach Gemignani
Is big data handicapped by "design"? This presentation shares the seven design principles for effective data communication. Good and bad examples for data visualizations highlight the choices designers make in helping non-analytical audiences understand the meaning in data.
Short intro for the BBC Circom panel 2016 setting out my views on data. Super short cut down version of this talk: http://www.slideshare.net/HollieLubbock/responding-to-context-using-data-to-design-experiences-that-care-about-customers
How Modern Operational Services Leads to More Self-Managing, Self-Healing, an...Dana Gardner
A discussion on how Hewlett Packard Enterprise Pointnext Services is reinventing the experience of IT support to increasingly rely on automation, analytics, and agility.
Rolta AdvizeX Experts on Hastening Time to Value for Big Data Analytics in He...Dana Gardner
Transcript of a sponsored discussion on using the right balance between open source and commercial IT products to create a big data capability for the long-term.
Juice's Data Monetization Workshop helps product managers and business leaders consider the opportunities and challenges of transforming their valuable data into customer-facing products.
Beyond Data Visualization: What's next in communicating with data?Zach Gemignani
We've made great progress in learning how to visualize data, yet a gap still remains between the data experts and the data consumers who might take action on the data. This presentation, shared at the Nashville Analytics Summit, explains how we can bring people into the process of communicating data and guide them to informed actions.
Intro presentation from the Enterprise 2.0 Summit 2013 in Paris that served as the basis for a discussion panel around approaches for the technology framework of a Digital Workplace and its challenges
How New Technology Trends Will Disrupt the Very Nature of Business Dana Gardner
Transcript of a sponsored discussion on how major new trends and technology are translating into disruption, and for the innovative business -- opportunity.
Transform the way you work and collaborate. Get google workspace for your Business. Get 10% discount per user license.
https://redcarrot-consulting.smblogin.com/public/store/BO0B/default/
How Unisys and Microsoft Team Up To Ease Complex Cloud Adoption For Governmen...Dana Gardner
A discussion how public and private sector IT organizations can ease cloud adoption using cloud-native apps, services modernization, automation, and embedded best practices.
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
Today, balancing business opportunity and customer's data protection has become a difficult challenge. As technology, data sources and targeting abilities grow, so does the crucial need to respect user privacy and ensure a good data protection. But with laws, practices and definitions that are constantly evolving around the world, it can all seem a bit confusing.
Not sure where to start? Wondering how you can better align with privacy law? Then this webinar is for you.
Putting Buyers and Sellers in the Best Light, How Etsy Leverages Big Data for...Dana Gardner
Transcript of a sponsored discussion on how Etsy uses data science to improve their buyers and sellers’ experience as well as theiown corporate destiny.
Is big data handicapped by "design"? Seven design principles for communicatin...Zach Gemignani
Is big data handicapped by "design"? This presentation shares the seven design principles for effective data communication. Good and bad examples for data visualizations highlight the choices designers make in helping non-analytical audiences understand the meaning in data.
Short intro for the BBC Circom panel 2016 setting out my views on data. Super short cut down version of this talk: http://www.slideshare.net/HollieLubbock/responding-to-context-using-data-to-design-experiences-that-care-about-customers
How Modern Operational Services Leads to More Self-Managing, Self-Healing, an...Dana Gardner
A discussion on how Hewlett Packard Enterprise Pointnext Services is reinventing the experience of IT support to increasingly rely on automation, analytics, and agility.
Rolta AdvizeX Experts on Hastening Time to Value for Big Data Analytics in He...Dana Gardner
Transcript of a sponsored discussion on using the right balance between open source and commercial IT products to create a big data capability for the long-term.
Juice's Data Monetization Workshop helps product managers and business leaders consider the opportunities and challenges of transforming their valuable data into customer-facing products.
Beyond Data Visualization: What's next in communicating with data?Zach Gemignani
We've made great progress in learning how to visualize data, yet a gap still remains between the data experts and the data consumers who might take action on the data. This presentation, shared at the Nashville Analytics Summit, explains how we can bring people into the process of communicating data and guide them to informed actions.
Intro presentation from the Enterprise 2.0 Summit 2013 in Paris that served as the basis for a discussion panel around approaches for the technology framework of a Digital Workplace and its challenges
How New Technology Trends Will Disrupt the Very Nature of Business Dana Gardner
Transcript of a sponsored discussion on how major new trends and technology are translating into disruption, and for the innovative business -- opportunity.
Transform the way you work and collaborate. Get google workspace for your Business. Get 10% discount per user license.
https://redcarrot-consulting.smblogin.com/public/store/BO0B/default/
How Unisys and Microsoft Team Up To Ease Complex Cloud Adoption For Governmen...Dana Gardner
A discussion how public and private sector IT organizations can ease cloud adoption using cloud-native apps, services modernization, automation, and embedded best practices.
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
Today, balancing business opportunity and customer's data protection has become a difficult challenge. As technology, data sources and targeting abilities grow, so does the crucial need to respect user privacy and ensure a good data protection. But with laws, practices and definitions that are constantly evolving around the world, it can all seem a bit confusing.
Not sure where to start? Wondering how you can better align with privacy law? Then this webinar is for you.
On the 25th May 2018, all businesses across Europe and the UK will face dramatic changes to Data Privacy Laws. With fines of up to 4% of revenue for noncompliance, GDPR has huge potential for disruption if not adhered to.
The GDPRforum was held on 24th November 2017 to gain valuable insight from Data Privacy experts, teach people how to prepare for the new laws, and how to turn a crisis into an opportunity.
GDPR Speakers:
David Lockie – Pragmatic – Founder
Dan Hedley – Irwin Mitchell – Partner
Gilbert Hill – Independent Privacy Technologist
Ben Westwood – eBay – Senior Privacy Manager & Data Protection Officer UK
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Designbradley_g
A presentation by Commissioner Cavoukian to the Canadian Institute Advertising and Marketing Law Conference on how Privacy by Design can give a sustainable competitive advantage in advertising and marketing.
Internet of Things With Privacy in MindGosia Fraser
Short presentation on privacy and data protection issues related to rapid development of Internet of Things, prepared for Privacy Lab hosted by Mozilla London
Tech For Good Meetup 10.11.14 The Good DataTech For Good
At the Tech For Good Meetup in London Marcos Mendendez introduced us to The Good Data, which is a service that helps you to take ownership of your personal data online by blocking browsing data that would otherwise be used by third party trackers. Then, with your consent, it puts some of your data to use for organisations that are working towards a good cause. What’s really cool, is that you can also choose to become an owner of The Good Data - so it’s possibly the first data coop in the world.
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing the Impact of a Breach
Encryption has been viewed as the ultimate way to protect sensitive data for compliance. But it has also been considered very complex to implement. Today, encryption is essential to meet compliance objectives, and has become much simpler to implement. The challenge is knowing when and where to use encryption, how it can simplify compliance, what controls need to be in place, and the options for good encryption key management. This session will cover the options for encryption and key management, what each provides, and their requirements. Encryption and key management topics include application-level encryption for data in use, network encryption of data in motion, and storage encryption for data at rest.
How Data Loss Prevention End-Point Agents Use HPE IDOL’s Comprehensive Data C...Dana Gardner
Transcript of a discussion on how cybersecurity attacks are on the rise but new capabilities are being brought to the edge to provide for better data loss prevention.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
Future of privacy - Insights from Discussions Building on an Initial Perspect...Future Agenda
The initial perspective on the Future of Privacy kicked off the Future Agenda 2.0 global discussions taking place through 2015. This summary builds on the initial view and is updated as we progress the futureagenda2.0 programme. www.futureagenda.org
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation is designed to update the current legislation which was drafted in a time that was in technology terms, prehistoric.
The Data Protection Directive, drafted back in 1995, harks back to a time when data processing was more about filing
cabinets than data rack enclosures. It’s time to evolve.
Outlines the regulatory, privacy and security risks faced by FinTech companies and Financial Services firms if their digital strategy is not thought through.
Business X Design - People, Planet & ProductCyber-Duck
A talk about intersectional design and how accessibility and sustainable overlap to create better products and experiences for both people and businesses
Scaling our digital agency during the 2020 pandemic - Imperial College lectureCyber-Duck
In this talk, Danny Bluestone talks about levers he used during the COVID-19 pandemic to grow Cyber-Duck by 53% and hire over 35 staff. The core pillars are: Stability, Growth and Togetherness.
Fixing user experience (UX) through trust - SXSW keynoteCyber-Duck
After two decades of digital, trust in digital is broken. The centralisation of the Web within silos, walled gardens and controlling parties has ended up defying the spirit of the original web. On top of this numerous data scandals, hacking and online fraud has pushed customer trust to new lows. To share his ideas on how brands can try to earn user trust back, our CEO & Founder Danny Bluestone is heading to SXSW in March 2019. These slides are a summary of his keynote.
How to use ux thinking to generate meaningful marketing insights v0101dCyber-Duck
The most stellar B2B companies offer a personalised, mobile-first user experience that’s built upon an integrated, automated and insightful tech-stack. Beginning with the end in mind and through UX thinking, Danny from Cyber-Duck, the leading digital transformation agency explores how marketers can use service design generate data driven products and insights that improve the customer experience (CX) whilst leverage new tech like AI, automation and personalisation.
This presentation explores how brands can improve their proposition and become more relevant through embedding user experience (UX) and innovation within their vision and culture.
Aimed at the connected homes, this presentation aims to educate hackathon goers on where UX is framed within the context of product and technology and provide quicks tips and tools to get started with UX.
The term digital transformation has been bandied about too much, covering everything from business transformation, the creation of efficiencies and new websites to playing with new digital platforms. In reality, it’s business transformation – but with a focus on customers and stakeholders with digital technologies as the catalyst for change. Success is determined by an organisation’s ability to unite and empower their people, processes and products. Only this will generate customer-centric experiences that perform effectively. Danny’s talk explores Cyber-Duck’s top tips for successful digital transformations, drawing on his experience guiding clients through risks and opportunities.
In this presentation and workshop Cyber-Duck take delegates through building blocks of developing a user centric brand and marketing strategy and introduce exciting new marketing channels such as artificial intelligence, bots, micro-moments and SEO as well as virtual and augmented reality. The presentation is concluded by exploring the importance of data and analytics.
Cyber-Duck, a digital agency in London and Hertfordshire welcomed StartupBus in its office to present some principles behind user experience before their European tour
In today’s cross-channel world, brand experience has become intertwined with user experience. A brand identity that authentically underpins services, products and marketing is critical to generate new sales and loyalty.
The presentation will explore the core tenants you need to build a holistic brand system. We’ll examine how identity design, narrative creation, scalable infrastructure and a cohesive visual language can help to drive future innovation and customer satisfaction.
By putting infrastructure and the brand essence at the core of an organisation, brands can create a more sustainable future for their companies. Brands that follow these principles will spend fewer resources on advertising, whilst improving customer satisfaction.
Five Digital Marketing ingredients for 2016Cyber-Duck
Our creative, technology and marketing discuss key tactics that will help digital innovation for 2016 including website performance, search engine marketing, social, apps and ongoing analysis and personalisation.
At Startup Weekend (Fashion Technology) at WeWork in London, Danny from Cyber-Duck created a quick guide that explains how UX fits in to todays connected world and what UX's role is. The keynote focus on lean UX and also covers UX principles and tactics.
User centred design (UCD) and the connected homeCyber-Duck
This presentation is a summary of a workshop that was conducted at UX London and Mozfest by Cyber-Duck, an agency that merges lean and agile deliver with user centred design (UCD). The workshop was aimed at those wanting to apply UCD to futuristic technologies. The workshop explored the concepts and thinking of ‘how to design an Internet Connected Dishwasher app’ while considering a wider eco system. The workshop started by introducing IoT (and ‘nearables’), why its relevant now and how the UCD process can adapt to it. The workshop frames UCD in a wider product delivery context and is aimed at those wanting to learn on how UX tactics can be applied to successfully design IoT products and systems.
How Lean, UCD and Agile can propel designers into the futureCyber-Duck
In this talk, Danny demonstrates why the future is already here and how it poses challenges to todays agencies, CMOs and designers. The internet permeates everything from websites, wearables, ‘nearables’ (low powered IoT devices that connect with our online world) and apps. Users are accustomed to getting ‘pulled’ to different destinations (such as apps or websites) but more and more forwarding thinking brands are ‘pushing’ relevant content and alerts to either the OS level of devices or other app like aggregators, allowing the user to interact with both features and content without leaving notification centres or dashboards. Due to this, the Web is becoming a habitat where users will spend less time downloading, opening and engaging with apps. As such, it’s important that designers move towards dreaming of a world that is both ‘pulling’ users towards personalised experiences within apps and websites and also ‘pushing’ highly relevant data to users to enhance the experience. In order to facilitate this, agencies, marketers and designers need to be designing holistic systems (over-arching engagement platforms to facilitate cross-channel interactions) and not only destinations (a singular native app or website). The slides expand on what sort of approach we can use to aid our strategy, design, development and project management methodologies by exploring frameworks such as User Centred Design (UCD), Lean and Agile.
In this presentation Danny explains how Cyber-Duck merge lean and agile principles with user centred design (UCD) to deliver Cancer Research Technology's new portal - Ximbio. By taking a Scrum approach and blending strategic branding within the first sprint, Cyber-Duck managed to plan, design and launch the portal within 90 days. None of the above would be possible without having strong lean principles and this presentation explains how lean thinking underpins the essence of a digital agency.
This presentation covers how organisations should approach a new digital project such as a web portal, system or mobile app (or combination of all) while considering the brand strategy, marketing or growth hacking approach and technology. The keynote examines the principles of a strategy and different methodologies for the product/project production such as agile, sashimi waterfall, lean and user centred design (UCD). The deck then delves into how to write a concise brief, how to go about resourcing and pick a technology platform or framework (such as Laravel or Ruby on Rails). The presentation covers how great design and project management is fundamental to success and why the design heuristics are so important. Finally the presentation also mentions why PM tools like JIRA, basecamp and Trello are important.
During August 2013, as part of an internal hackathon at Cyber-Duck, there were five teams that needed to produce products over 24 hours. Our team was tasked of developing an app to find Danny but the brief quickly changed into a staff (duck) finder app. The hack involved research, design and coding.
UX principles at Marketing Week Live London 2014Cyber-Duck
User Experience (UX) principles for marketing team as presented by Danny Bluestone at Marketing Week Live 2014 in London. The presentation touches on the importance of UX and how it has to be engrained into an organisation's culture as opposed to being a bolt-on.
UX is not a bolt-on but many agencies and founders approach it as the icing on the cake where really it is the cake itself. If you are in the process of planning, creating or improving your MVP this presentation will help you understand what UX is and how to go about making it happen for your product. The presentation will also help you understand how the UX process should happen correctly in your organisation and advises on different heuristics and models that can aid your team to ensure your product is produced correctly. The keynote was presented to the Founders Nation boot-camp by Danny Bluestone from Cyber-Duck at The Wayra Academy,Capper Street, WC1E 6JA London during March 2014.
Sometime in early 2005, Danny Bluestone saw the potential in creating a digital agency that bridges the gap between usability, visual design, project management, marketing and programming. At the time he had no funding.
Top 5 Indian Style Modular Kitchen DesignsFinzo Kitchens
Get the perfect modular kitchen in Gurgaon at Finzo! We offer high-quality, custom-designed kitchens at the best prices. Wardrobes and home & office furniture are also available. Free consultation! Best Quality Luxury Modular kitchen in Gurgaon available at best price. All types of Modular Kitchens are available U Shaped Modular kitchens, L Shaped Modular Kitchen, G Shaped Modular Kitchens, Inline Modular Kitchens and Italian Modular Kitchen.
You could be a professional graphic designer and still make mistakes. There is always the possibility of human error. On the other hand if you’re not a designer, the chances of making some common graphic design mistakes are even higher. Because you don’t know what you don’t know. That’s where this blog comes in. To make your job easier and help you create better designs, we have put together a list of common graphic design mistakes that you need to avoid.
Expert Accessory Dwelling Unit (ADU) Drafting ServicesResDraft
Whether you’re looking to create a guest house, a rental unit, or a private retreat, our experienced team will design a space that complements your existing home and maximizes your investment. We provide personalized, comprehensive expert accessory dwelling unit (ADU)drafting solutions tailored to your needs, ensuring a seamless process from concept to completion.
2. Introducing GDPR
What is GDPR?
1. Transparency
2. Privacy
3. Control
Conclusion
TODAY
#DigitalPond @danny_bluestone
3. HELLO. I AM DANNY.
#DigitalPond @danny_bluestone
4. 21%
- are a -
Data
Liberator
They think data will make
us healthier, safe and more
efficient. They’re up for
the big data revolution.
40%
- are a -
Savvy
Sharer
They’re optimists. Data
should be used freely in
most situations, but not all.
29%
- are a -
Data
Regulator
They think that big data can
be useful. But we need to
consider decisions carefully.
10%
- are a -
Privacy
Protector
They don’t believe the big
data hype. They want to
regain privacy, no matter
what the cost.
#DigitalPond @danny_bluestone
6. The rise of digital and data is unparalleled
#DigitalPond @danny_bluestone
7. The issue is that brands know more about us
than we know about ourselves
#DigitalPond @danny_bluestone
8. Tinder has 800 pages of information on one
of its users, including age-rank of matches
and how many facebook friends she had
#DigitalPond @danny_bluestone
10. The Ponemon Institute Research report May 2017
49%
HAD A DOCUMENT BREACH
IN THE PAST 2 YEARS
73%
EMPLOYEES ARE
ACCIDENTALLY
EXPOSING INFORMATION
63%
OF STAFF UNABLE TO
LOCATE SENSITIVE DATA
#DigitalPond @danny_bluestone
Do businesses know what they are doing?
12. WHO IS BEHIND GDPR?
12
Official EU website, no information about GDPR
European Data Protection Board, no link to GDPR
guidelines some internal facing articles
The EUR-LUX website (searchable database) contains
EU law, the journal of the Union and international
agreements. It is also home to the GDPR articles. The
articles are not prominent on the homepage.
There ls a link to the GDPR PDF or web page with 54K
words over 102 word pages
Giovanni Buttarelli is the
European Data Protection
Supervisor.
Wojciech Wiewiórowski is the
Assistant Supervisor at the
EDPS.
13. The GDPR includes new regulations to prior directives.
Accountability
Risk-based approach
Privacy by design
(PbD)
Rights of erasure
Data portability
Transparency/
Consent
#DigitalPond @danny_bluestone
14. 14
The Processor is an entity that processes
data on behalf of the controller. They need
to conform to the processes, audits,
breach and Disaster Recovery policies.
The Controller determines the purposes and
means of the processing of personal data.
They have a legal responsibility to appoint
‘qualified’ Processors.
#DigitalPond @danny_bluestone
15. #DigitalPond @danny_bluestone
Only collect the data you
need and ensure that it is
accessible by users so they
can update it. Maintain
retention policies.
Transparency
The service must be clear
and collected for specified
purposes through explicit
consent.
ControlsPrivacy
Implement PbD, backup
and DR methods to ensure
data security and resilience.
Don't compromise users’
identities.
Cyber-Duck Ltd
18. How to handle SARs
Requirement
Legal
response time
Facebook Majestic Wine
View data held
following SAR
1 month
No response (have export button to view
likes, timeline posts, friends made etc’)
Responded in time
Follow-up to the SAR Immediate
Did not respond to original SAR by email
as explained there is a download function
N/A
With GDPR users will be entitled to know how long their data is stored, enjoy data
portability (e.g. porting data from one bank to another) and have their data erased
without a court request.
#DigitalPond @danny_bluestone
19. The importance of consent
It is important that consent is ‘Unbundled’ and as ‘Granular’ as possible. There should
be no ‘Opt-out’. Only provide ‘Opt-in’. Ensure that consent is ‘Easy to withdraw’.
Note: You will also need to name any parties that will rely on consent. Using words
like third parties or categories will not be acceptable.
#DigitalPond @danny_bluestone
27. The difference between anonymisation and
pseudonymisation
Anonymisation means erasing any personal data with permanent fictitious values.
Pseudonymisation replaces identifiable data with a persistent and reversible token.
Name Pseudonym (token) Anonymised
Jonny aERT xyz
Veronica Oqwti xyz
Sylvain SqaL xyz
Jonny aERT xyz
#DigitalPond @danny_bluestone
28. The difference between anonymisation and
pseudonymisation
Anonymisation
#DigitalPond @danny_bluestone
Pseudonymisation
Useful for when granularity of data
is not important and reverting
back is not required
Useful is you want to masquerade
data, protect privacy but need to
revert back to original
29. Dynamic IP addresses
A dynamic IP address will be personal data in the hands of a website operator if there
is another party (i.e. ISP) that can link the dynamic IP address to the identity of an
individual and the website operator has a "legal means" of obtaining access to the
information held by the ISP in order to identify the individual.
19 October 2016, the Court of Justice of the European Union (the "CJEU")
Note: Don’t store server logs if you do not have to. Encrypt logs in storage and limit access to decryption credentials.
#DigitalPond @danny_bluestone
30. Implied consent is not sufficient - “By using this site, you
accept cookies” message is not going to cut it.
Users can reject cookies - Easily let users withdraw consent
and opt-out so they are able to adjust their preferences.
The Cookie madness, an ongoing saga!
#DigitalPond @danny_bluestone
31. Deleting data
Data Subjects have the right to obtain erasure from
the data controller, without undue delay. This means
backups too. Make sure you can quickly pinpoint a
backup and delete a particular record or file.
#DigitalPond @danny_bluestone
32. 1. Privacy must be proactive, not reactive.
2. Privacy must be the default setting.
3. Privacy must be embedded into design.
4. Privacy must contain a balance between privacy and security.
5. Privacy offers end-to-end lifecycle protection of user data.
6. Privacy standards must be visible, transparent.
7. Privacy must be user-centric.
Privacy by design (PbD)
#DigitalPond @danny_bluestone
33. “…With the implementation of the GDPR and
the principle of ‘privacy by default’,
organizations can no longer hide behind the
argument that they are technologically unable to
act in line with the regulations”
Vita Zwaan, lawyer & lead Privacy Team Bureau Brandeis
#DigitalPond @danny_bluestone
38. Why give users ‘data portability’ capabilities?
Data portability is a concept to protect users from having their data stored in "silos"
or "walled gardens" that are incompatible with one another, i.e. closed platforms, thus
subjecting them to vendor lock-in (Wikipedia).
TRANSPARENCY
& ANALYSIS
HELP USERS
SWITCH
#DigitalPond @danny_bluestone
39. Be ready for breaches
#DigitalPond @danny_bluestone
42. Apply a process to your GDPR initiative1
Data audit1 Gap analysis2 Make a plan3 Execute4 Train everyone5
#DigitalPond @danny_bluestone
43. Register for an ICO certificate2
#DigitalPond @danny_bluestone
44. Embed GDPR in your CX and marketing3
Lloyds concluded that if it was going to avoid losing customers, it needed
to overhaul the CRM programme to reflect what people actually want.
#DigitalPond @danny_bluestone
46. 1. Saving less data is taking less risk - Store only what you need.
2. Use PbD - Consider systems, messaging and encryption to determine who sees
what and why.
3. Be aware - Besides GDPR look out for other laws like e-privacy and PSD2.
4. Consent - Obtain explicit consent for everything and ensure you have audit trails.
5. Policies and process - Be ready for SARs and ensure you have retention policies.
Conclusions from the Cyber-Duck talk
#DigitalPond @danny_bluestone