stay on the safe side
To answer regulatory challenges, businesses need to change the way they address personal data.
CONTENTS
- The awakening of data privacy
- New regulatory challenges
- Clym
THE AWAKENING OF DATA PRIVACY

Interest in privacy is reaching new heights, fueled by an increasing daily dose of breaches. Oftentimes, companies fail to provide customers sufficient data privacy, leading to unprecedented volumes of exposed data. By far, the biggest data breach of the 21st century is the one Yahoo suffered in 2013, exposing 3 billion* user accounts and personal identifying information.

The GDPR is not the only law dealing with consent. While the changes it brings seem to have the greatest impact, consent is an important aspect of other legislation as well. The following figure presents the data protection laws across the world, providing a comparison between various such laws.

[Figure: DATA PRIVACY AROUND THE WORLD. Legend: LIMITED, HEAVY, ROBUST, MODERATE]
Technology trust is a good thing, but control is a better one. Stephane Nappo, CISO @Société Générale
NEW REGULATORY CHALLENGES

With the EU General Data Protection Regulation (GDPR), coming into play on the 25th May 2018, consent management has become a stringent matter for everyone. The GDPR’s provisions regarding consent do not only target data stored in the case of contracts but also data used for marketing purposes and even cookies. Prepare to say goodbye to the classic notice “By continuing to navigate on this website you agree to cookies”. Once the GDPR is in place, you will need specific consent for each type of cookie you plan to store on the users’ computer. You’ll also need to give them the option to opt-out of cookie consent just as easily. But before we all panic, let’s start things slowly.
CONSENT ACCORDING TO THE GDPR

GDPR requires consent from EU citizens before allowing companies to collect any personal identifying information. It also brings a new perspective on consent management, in which the liberty to withdraw consent must be granted at any moment.

The GDPR defines consent as:

“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” GDPR - Article 4(11)
According to the regulation, consent should be:

FREELY GIVEN
Data subjects must be able to choose whether or not they want their data to be processed. Under no circumstances should consent be coerced.

SPECIFIC
Data subjects need to be told all purposes for processing their personal data before they give their consent.

INFORMED
For consent to be considered valid, data subjects should be informed of the controller’s identity, the purpose of the processing and how processing might affect them.

UNAMBIGUOUS
Consent management should be performed through positive, affirmative action so that the wishes of the data subjects are clear.

GDPR is not the only law that regulates consent, as it is an important part of other regulations as well. PSD2, COPPA, PIPEDA and PDPA are some of the world’s laws that approach consent.

The truth is that even though a country does not have a data protection regulation in place, if companies want to process EU citizens’ data, they will need to comply with the GDPR to avoid hefty fines.

In order for businesses to comply with all these requirements, it is important that they put in place an effective consent management process.
COOKIES AS PERSONAL DATA

The GDPR will change the current Cookie Policy, and the way cookie consent is managed. Under the GDPR, cookies are perceived as personal identifying information (PII), which means that after the 25th of May, website owners will need to make 3 key changes:

- “By using this website, you accept cookies” will not be enough. The data subject needs to be given a real choice. That type of phrase is not informative as to why cookies are needed and does not give an alternative. Website owners will not be able to constrain users by forcing them to accept cookies if they need information from their website.
- Consenting to cookies needs to be a clear affirmative action. We can include here clicking through an opt-in box or choosing certain settings in a menu. As already explained, visiting a website does not imply consent.
- Websites will need to provide an opt-out option - it must be as easy to withdraw consent as it was to give it. This means users should be able to remove consent through the same type of action as when they gave their consent. For example, if they clicked through some boxes on a form on the website, they need to be able to find the same form to revoke consent.
“Natural persons may be associated with online identifiers - such as internet protocol addresses, cookie identifiers or other identifiers…. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.” GDPR, Recital 30
WHAT ABOUT COOKIE POLICY?

The Cookie Law was one of the first legal initiatives with respect to European Union citizens’ digital data. Cookies are small pieces of data stored on a user’s device which allow websites to recall actions or preferences.

THERE ARE 5,905,554** COOKIES WORLDWIDE, SPLIT INTO:
- Strictly Necessary Cookies
- Performance Cookies
- Functionality Cookies
- Targeting Cookies
- Unknown Cookies

Gradually, cookies have begun to raise serious privacy concerns, due to their growing use in advertising. Some users found this to be useful, while others felt “stalked” across the Internet.

We briefly mentioned how the cookie policy will need to change in the previous pages. Changes are due to the fact that cookies can be seen as personal data in many circumstances, as they sometimes can be used to identify an individual. This will affect cookies used for advertising, analytics and other cookies used for functional services like chats and surveys.
stay on the safe side

Consent has become a key compliance aspect for every company that manages personal data, regardless of its size or location.

Clym is a consent lifecycle management tool that helps organisations meet their data protection obligations with respect to cookies, consent, privacy policy and terms of service, in a secure and adaptive application.

We give users the liberty to withdraw consent at any moment.
FEATURES

ADAPTIVE
Data protection legislation is not universal. Nor is Clym. We provide a seamless adaptive experience based on users’ country of residence regulations.

BRANDABLE
Your business, your brand. The Clym application is fully brandable, allowing you to strengthen your brand’s trust even further.

CUSTOMISABLE
Language is no longer a barrier, as we provide the user with a choice of his preferred language.

ON PREMISE OR PRIVATE INSTANCE
Installation can be done on the company’s internal network or on a private instance in the cloud.
CONSENT LIFECYCLE MANAGEMENT

According to data protection legislation, consent management must be easily accessible for users and consent must be received for all types and purposes of personal data processing. Symmetrically, withdrawing consent must be as easy as granting it.

Clym gives users the option to manage consent straight from the application interface, generating and emailing a consent receipt to the user.

The consent receipt contains:
- The purpose of data collection
- The type of data that is collected, without including any personal identifiable information, only general attributes such as: first name, last name, phone number, company.
- Information regarding data processors and partners that have access to the user’s data.
Within Clym, consent can be obtained in 2 ways:

Clym forms
This is a standard form used for collecting user information. In this scenario, the user data is maintained by us, and is most suitable for websites that don’t maintain a user database, or wish to externalise this. A consent receipt is sent via email to the user.

API integrations
This type of integration is another available way of collecting user consent. In this scenario, the user data is not maintained by us, and is most suitable for web applications that host it on their own system, but want to use Clym for managing consent.

It requires the web application to create its own forms for collecting data. In this case, the consent receipt is generated by Clym, but presented in custom made receipts using the information necessary for a valid consent receipt sent via an API call.

In addition to Clym forms and API integrations, our application also performs a Progressive Consent Collection, meaning that it can require a user’s consent on the go, as they use the platform.
COOKIE MANAGEMENT

Considering that the GDPR regards cookies as personal identifying information, businesses need to establish more effective ways of keeping track and managing website cookies, in order to avoid breaking compliance.

Clym makes cookie management and tracking effortless through:

Cookie indexation
Our research team has indexed cookies used by top 10 million sites to get a deep understanding of the ecosystem. Thus we can tell you which are the major data aggregators, what data they collect about your users, how they use the data and where data is stored.

Piggybacking prevention
Adding or removing cookies is done through the Clym application, hence loading the cookies through our script, eliminating the risk of piggybacking. Works similarly to Google Tag Manager.

Supplier whitelisting
Allows the restriction of cookies that have not been provided by authorised suppliers.
Users are able to view information on all cookies a website uses and opt in or out for each of them individually.

For each service and group of cookies, they will be presented with the following information:
- Service name
- Description and purpose
- Lawfulness of processing
- Company data for third party processors (name, location, link to site, data location)
- Data it collects

If the user has provided his email address, he will receive a cookies consent receipt over email. Otherwise, the consent receipt will only be generated but not sent through.
Security is always excessive until it’s not enough.Robbie Sinclair, Head of Security @NSW Australia
COMPANY DATA MANAGEMENT

Clym enables companies to easily manage for each of their websites the following:
- Privacy Policy
- Cookie Policy
- Terms of Service
- Company information

The latter is a key part of GDPR compliance, as companies are required to make publicly available the name and contact details of their Data Protection Officer and company contact details.

USER RIGHTS

In addition to the above mentioned information, Clym also helps companies inform users regarding their rights in case they allow a company to collect and process PII.

Within the application, a user can:
- Read his rights that apply to the country’s data protection legislation
- Receive a consent receipt that has a unique identification number (ID), allowing them to see a list of all the applications related to that consent receipt, and their status (approved or withdrawn)
- Check the cookie registry by company name or cookie name in order to see which of his personal information that company manages.
BENEFITS

Flexibility
The application can be adapted to each website’s needs, based on country-specific privacy regulations. In addition to this, it also allows language preferences for a superior user experience, as well as for the situation where the law requires consent to be granted in the user’s preferred language in order to be legal.

Legally enforcing audit trail
Clym uses Blockchain-like technologies through an audit system for both user consent actions and cookie management, that contains, besides records about the actual consent, records about how it was presented to the user. All of these records are signed and cannot be changed.

Compliance
We keep a close eye on data privacy legislation so you can focus on what matters most for your business. Through our close ties to public organisations like IAPP and Kantara Initiative, we work hard to stay ahead of the game and ensure Clym is fully compliant with legislation.

Security and anonymisation
Clym encrypts all personal identifying information, including IPs and browser data. Personal information is never shared in plain text and is not included as such in consent receipts emailed to the user.
Transparency
The application offers a high degree of transparency with regards to consent, as it generates legally binding consent receipts, allows users to read more on their rights, and see detailed information on the cookies used.

Control
High level of control that allows detailed consent and cookie management, consent expiry date and automatic consent deletion after the data retention period passes.

Scalability
Clym was designed to manage billions of users and consent events, being deployed on Amazon’s EU infrastructure with auto-scaling enabled. Whatever the number of applications and users your organisation manages, Clym can scale to cope with your load.

Cost
By managing data in an affordable cloud storage service, you can focus IT resources on one system, thereby reducing complexity and enabling consolidation.

Quick integration
Easy to integrate onto websites. Allows phased deployment.
PRICING

Cloud based
Based on the number of profiles, the monthly prices in USD range from:
- Up to 1000 profiles: FREE
- Between 1,001 and 10,000: 0,5 ¢ per profile
- Between 10,001 and 100,000: 0,4 ¢ per profile
- Between 100,001 and 500,000: 0,35 ¢ per profile
- Between 500,001 and 1,000,000: 0,25 ¢ per profile
- Over 1,000,000: CONTACT US

On premise and private instance
Get in touch with us for a personalised offer.
Sources

* CSO Online - The biggest data breaches of the 21st century - http://search-cio.techtarget.com/definition/data-privacy-information-privacy
** Cookiepedia - https://cookiepedia.co.uk/
European Commission - Cookies - http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
Optanon - The GDPR, Cookie Consent and Customer Centric Privacy - https://www.cookielaw.org/blog/2016/5/13/the-gdpr,-cookie-consent-and-customer-centric-privacy/
New York Times - Tech Giants Brace for Europe’s New Data Privacy Rules - https://www.nytimes.com/2018/01/28/technology/europe-data-privacy-rules.html
see you on the safe side
+44(0)2035 145263
team@unloq.io
2018 © UNLOQ Systems LTD. Registered in England and Wales, No. 09565911