Author: Debbie Betteridge


When will they learn? Put the Citizen first!

There are no excuses. Unless you have been living under a rock somewhere extremely remote, you can’t have failed to hear, or read, about the new data privacy and communication regulations. GDPR and PECR are as familiar to businesses as Brexit. So how can it be that an EU referendum campaign, together with Eldon Insurance (trading as Go Skippy Insurance), failed so catastrophically when it came to the simple principles of these acts?

Citizens – you and me – are still being wronged by organisations in which we’d placed trust to do the right thing with our information.

As we entered this Digital Age, Information Age or Fourth Industrial Revolution – whatever you wish to call it – regulators, government, businesses and activists have been pressing home the need for more stringent legislation when it comes to the use of personal data. As more and more transactions are performed online, the volume of gathered data has risen exponentially. According to IDC (International Data Corporation), data creation doubles in size every two years, and by 2025 the digital universe (the amount of data created and copied annually) will grow to 163 zettabytes (ZB), or one trillion gigabytes (GB).

That’s a lot of personal data flowing around. Personal data that holds a lot of value, especially to the Digital Giants or Surveillance Capitalists.

Hence why we citizens need to grow our understanding and question those with whom we share data.

The aforementioned campaign and Eldon Insurance broke the rules and have received not only an audit and notice from the Information Commissioner’s Office, but a fine of £120,000 to boot.

In the action from the ICO, it was found that the two organisations were linked, and that systems meant to keep the personal data of the two operations separate were ineffective, resulting in politically charged communications being distributed to Eldon Insurance customers who had not opted in to receive them.

Similarly, Eldon Insurance sent two unlawful email campaigns, over one million emails, to the subscribers, without sufficient consent.

It is simply not good enough. The times when you daren’t open your email account for waves of spam messages should be a thing of the past. Cold calls should be safely relegated to Room 101, and the bad old days when you could barely open your front door for unwanted direct mail shouldn’t be revived. And all because of the new data privacy regulations – here to help you.

And, there are no excuses for getting it wrong when software exists to stop this happening. Software that integrates with existing systems, like Salesforce and other Customer Relationship Management programmes, for the betterment of customer relationships, to progress the value exchange so both parties get something meaningful from the interaction – a better product or service, a stronger community or improved communications.

The use of insights from valuable and actionable data – trustingly given in the full knowledge that it won’t be processed or shared for purposes other than those you have specifically granted – will result in enriched customer relationships and reduced churn, enabling organisations to rebuild customer bases with citizens opting in to do business with those they believe in.

So, on this Safer Internet Day – please think twice about what you share across the web. Check Privacy and Cookie policies to make sure you know what data is being drawn from your interaction. Understand what personal data is being processed; who (which department or organisation) is going to use it or have it shared with them; when permission was given to use it and for how long; why they need it and for what purpose; and where they actually obtained the permission from.

Feel free to challenge them and say no if you don’t want them to use any aspect of it. You might be happy for them to use your email to send you product updates, but not for general newsletters. You can stop them sharing your telephone number with their partners. Whatever makes you feel in control – you can always change your mind at a later date and let them know.

Make sure your permissions and preferences are logged so you get what you do want. If they can’t answer these questions or fail to tell you what they already have stored against your name, remind them of GDPR and PECR. Exercise your digital rights, opt in or out to what feels right, submit a Subject Access Request – free of charge, and if necessary, report breaches to the ICO.

Oh, and tell them that software exists to help them address all this and maintain compliance – it’s called Consentric.

Valuable Insights from Trusted Data.

Cambridge Analytica and Facebook – did they put the individual at the heart of their data strategy?

With more headlines breaking over the weekend about disinformation and the misuse of personal data to affect global political campaigns, it brought home to us that our three key pillars – accountability, transparency and empowerment – are paramount in this digital world.

The latest news that 50 million Facebook accounts have been accessed and data used by Cambridge Analytica to build profiles to assist with Donald Trump’s election campaign and steer the Brexit referendum is, quite frankly, shocking.

The FT, which once hired Cambridge Analytica for market research purposes itself, is calling this a data scandal[1].

There are calls for the ICO to investigate and MP Damian Collins of the Digital, Culture, Media and Sport Select Committee said he will call both Facebook and Cambridge Analytica to give further testimony.

There is also a Channel Four News exposé due to air later this week, where reporters have gone undercover as prospective clients and secretly filmed the meetings.

And herein lies the rub. If the personal data had been sought by the organisation transparently – with full disclosure as to the purpose for its collection and subsequent use, all of this could have been avoided.


Out with the old. In with the new.

A blog by J Cromack, CCO

I recently took part in a GDPR Salon for Digital Leaders South West, held during GDPR week in partnership with the Corsham Institute.

I shared my understanding of the new data protection legislation and how I fervently believe it to be a great opportunity for the organisations that embrace it.

The Data Protection Act has been in place for the past twenty years – during this time the world has moved on dramatically, with some of the most extreme changes coming from technology and how we use it. Which is why it’s time for ‘out with the old, in with the new’.


Is the NHS GDPR Ready?

The General Data Protection Regulation (GDPR) will become law on 25th May 2018, superseding the twenty-year-old Data Protection Act, which is no longer fit for purpose in this Digital Age.

GDPR enhances data protection laws across both the United Kingdom and European Union. Organisations, particularly those who collect, process and share vast quantities of personal data, will need to ensure that they are compliant or face action from the Information Commissioner’s Office (ICO). If organisations are found to be at fault, they may face hefty fines, either a maximum of €20 million or 4 percent of the organisation’s turnover, depending on the severity of the breach.

There has been some debate over whether or not the NHS needs to adopt processes and policies aligned to GDPR. Some say it will only apply to commercial organisations or that “We are leaving the EU, so it no longer is applicable to us”. However, this is not true.


PwC Scale Programme launches with MyLife Digital on board

Twelve companies, including MyLife Digital, will line up on 1st March to pitch their value proposition at the Scale | South West Executive Evening.

Strengthening Bristol’s reputation as a tech, creative and media hub, PwC and Business West, in collaboration with Engine Shed have identified a dozen fast-growth companies in the South West and Wales who will embark on an exciting journey to help tackle the challenges of ‘scaling up’.

The Scale | South West programme will link these selected businesses with market leaders, industry experts and investors to help further drive their growth and expansion.

Welcoming the selected companies, Katharine Finn, PwC regional leader for the West, said:

“This is a fantastic opportunity for industry leaders, experts and investors to engage with the founders of fast-growth companies that have the potential to be future market leaders.

“Our aim is for founders and executives to learn from each other and feedback from previous programmes suggests that this process evolves as the programme develops. We are confident that this will continue into the current programme and that will, in turn, lead to real development and scale-up opportunities.”

The Scale proposition brings together companies who have developed disruptive and innovative technology, with executive decision makers looking to innovate, establish partnerships or provide mentoring and advice.

Over 20 large corporates with strong regional presence are already showing their support to the initiative.


J Cromack, MyLife Digital CCO, said:

“Being exposed to a network of Partners and corporate contacts of PwC was too good an opportunity to miss. The combined knowledge, support and review of our proposition and business plan will certainly help us scale our business. Working alongside and sharing experiences with like-minded individuals feels like it’ll be mutual gain for all while also supporting the aspirations of the South West to become a leading technology region in the UK.”

Patient privacy under threat from NHS Digital and Home Office data sharing agreement

Last week, it transpired that NHS Digital had been sharing non-clinical patient information with the Home Office for immigration purposes. The Home Office uses both NHS Digital and The Department for Health to obtain non-clinical data, such as addresses, Date of Birth, GP details and the local GP surgery registration date.

The Home Office is capturing data to identify those who may have failed to comply with certain restrictions which allowed them to remain in the country or escape immigration control.

However, while this data may be of benefit to the Home Office for immigration purposes, it appears to be putting citizens’ health at risk. Clinicians believe they have a duty of care to treat whoever turns up at the doors of hospitals across the nation, no matter what their nationality or immigration status.


Driving Forward Patient Data Acceptability in the NHS

With GDPR effective from May 2018, the NHS will have a legal obligation to be transparent with patients about what it uses their personal data for. It will also have to gain patient permissions for the various data uses.

Patient data sharing is vital for the NHS: it allows easy access to patient records, enabling better primary care decisions to be made. Enhancing patient acceptability is a key factor for improving patient consent.

Furthermore, health data shared within the NHS has historically been very attractive to third parties within the healthcare industry, particularly in the medical research and pharmaceutical sector.

That said, some patients are uncomfortable with their most sensitive health data being shared outside the boundaries of the NHS. The possibility of sensitive health data, such as information on sexually transmitted diseases (a very private matter), being shared gives the citizen an understandably cautious approach to giving permission to share it.


Navigate the “Bumps in the Road” on your journey towards GDPR compliance

Chief Commercial Officer, J Cromack, reflects on his recent panel session at the GDPR:Summit

On the 30th January, I had the pleasure of addressing a room of delegates at the GDPR:Summit in London, alongside other like-minded advocates of strong data governance – Neira Jones, Sue MacLure, Robert Wassall and Tim Hunt.

The discussions around the room were, quite rightly, centred on the impending General Data Protection Regulation (GDPR) and how it impacts business as usual. For me, there appears to be a lot of talk around the actual regulation, probably a bit too much – when the focus should be on getting it into practice.

The crux of the matter is that organisations need to place their customers, supporters, members, donors, patients, employees or whatever you call them (we say the citizen at MyLife Digital), at the heart of their data and GDPR strategy.

Simply remember that the personal data citizens entrust to you actually belongs to them – you are a temporary custodian of this information whilst they remain in a value exchange with you. The value exchange is the benefit both parties gain during the period of time you interact. Whether this is for products, services or employment, once the transaction or contact is complete, under GDPR the personal data must be deleted or anonymised after a certain time period (which you must determine based on your usage of the data and what is right by the citizen), as set out in your Privacy Policy.


Easy transfer of Data with European Union beyond Brexit relies on embracing GDPR

While the General Data Protection Regulation (GDPR) is being put forward by the three European regulatory bodies, it will still apply to the UK during the Brexit negotiations and implementation period. Therefore, it is an Organisation’s responsibility to ensure they are “GDPR ready” even though the UK is leaving the European Union.

However, many Organisations may worry about how freely data can be transferred post-Brexit. I believe there is a simple answer to this. The sharper an organisation integrates GDPR into the regulatory stature of the organisation, the easier they should find it to transfer data with the EU once the United Kingdom has relinquished its membership.


Exonar joins forces with MyLife Digital – for the good of trees

Newbury-based Exonar has joined forces with MyLife Digital to provide an end-to-end solution to organisations who need to solve their General Data Protection Regulation (GDPR) problems, especially when it comes to Subject Access Requests (SARs).

GDPR has been around for two years, and the enforcement date is set as 25th May 2018 – from this date the Information Commissioner’s Office (ICO) will be holding UK organisations accountable to the principles of this legislation rather than the Data Protection Act. As information about the GDPR has been available since 2015, there will be no further grace period – basically, we are already in it.

So, has your organisation used the last two years to prepare for the changes? Do you know where all the data is? Who has access to it? When was it collected and which Privacy Policy was in place at that point in time? How do you retrieve all the information required if a customer requests to see it? Possibly not, but you are not alone.

