Cambridge Analytica and Facebook – did they put the individual at the heart of their data strategy?

With more headlines breaking over the weekend about disinformation and the misuse of personal data to affect global political campaigns, it brought home to us that our three key pillars (accountability, transparency and empowerment) are paramount in this digital world.

The latest news that 50 million Facebook accounts have been accessed and data used to build profiles to assist with Donald Trump’s election campaign and steer the Brexit referendum by Cambridge Analytica is quite frankly – shocking.

The FT, which once hired Cambridge Analytica for market research purposes itself, is calling this a data scandal[1].

There are calls for the ICO to investigate and MP Damian Collins of the Digital, Culture, Media and Sport Select Committee said he will call both Facebook and Cambridge Analytica to give further testimony.

There is also a Channel Four News exposé due to air later this week, where reporters have gone undercover as prospective clients and secretly filmed the meetings.

And herein lies the rub. If the personal data had been sought by the organisation transparently – with full disclosure as to the purpose for its collection and subsequent use, all of this could have been avoided.


Out with the old. In with the new.

A blog by J Cromack, CCO

I recently took part in a GDPR Salon for Digital Leaders South West, held during GDPR week in partnership with the Corsham Institute.

I shared my understanding of the new data protection legislation and how I fervently believe it to be a great opportunity for the organisations that embrace it.

The Data Protection Act has been in place for the past twenty years – during this time the world has moved on dramatically, with some of the most extreme changes coming from technology and how we use it. Which is why it’s time for ‘out with the old, in with the new’.


Is the NHS GDPR Ready?

The General Data Protection Regulation (GDPR) will become law on 25th May 2018, superseding the twenty-year-old Data Protection Act, which is no longer fit for purpose in this Digital Age.

GDPR enhances data protection laws across both the United Kingdom and European Union. Organisations, particularly those who collect, process and share vast quantities of personal data, will need to ensure that they are compliant or face action from the Information Commissioner's Office (ICO). If organisations are found to be at fault, they may face hefty fines, either a maximum of €20 million or 4 percent of the organisation's turnover, depending on the severity of the breach.

There has been some debate over whether, or not, the NHS need to adopt processes and policies aligned to GDPR. Some say it will only apply to commercial organisations or that “We are leaving the EU, so it no longer is applicable to us”. However, this is not true.


PwC Scale Programme launches with MyLife Digital on board

Twelve companies will line up on 1st March to pitch their value proposition at the Scale | South West Executive Evening, including MyLife Digital.

Strengthening Bristol’s reputation as a tech, creative and media hub, PwC and Business West, in collaboration with Engine Shed have identified a dozen fast-growth companies in the South West and Wales who will embark on an exciting journey to help tackle the challenges of ‘scaling up’.

The Scale | South West programme will link these selected businesses with market leaders, industry experts and investors to help further drive their growth and expansion.

Welcoming the selected companies, Katharine Finn, PwC regional leader for the West, said:

“This is a fantastic opportunity for industry leaders, experts and investors to engage with the founders of fast-growth companies that have the potential to be future market leaders.

“Our aim is for founders and executives to learn from each other and feedback from previous programmes suggests that this process evolves as the programme develops. We are confident that this will continue into the current programme and that will, in turn, lead to real development and scale-up opportunities.”

The Scale proposition brings together companies who have developed disruptive and innovative technology, with executive decision makers looking to innovate, establish partnerships or provide mentoring and advice.

Over 20 large corporates with strong regional presence are already showing their support to the initiative.

For the full news release click here

J Cromack, MyLife Digital CCO, said:

“Being exposed to a network of Partners and corporate contacts of PwC was too good an opportunity to miss. The combined knowledge, support and review of our proposition and business plan will certainly help us scale our business. Working alongside and sharing experiences with like-minded individuals feels like it’ll be mutual gain for all while also supporting the aspirations of the South West to become a leading technology region in the UK.”

Patient privacy under threat from NHS Digital and Home Office data sharing agreement

Last week, it transpired that NHS Digital had been sharing non-clinical patient information with the Home Office for immigration purposes. The Home Office uses both NHS Digital and The Department for Health to obtain non-clinical data, such as addresses, Date of Birth, GP details and the local GP surgery registration date.

The Home Office is capturing data to identify those who may have failed to comply with certain restrictions which allowed them to remain in the country or escape immigration control.

However, while this data may be of benefit to the Home Office for immigration purposes, it appears to be putting citizens' health at risk. Clinicians believe they have a duty of care to treat whoever turns up at the doors of hospitals across the nation, no matter what their nationality or immigration status.


Driving Forward Patient Data Acceptability in the NHS

With GDPR effective from May 2018, the NHS will have a legal obligation to be transparent with patients about what it uses their personal data for. It will also have to gain patient permissions for the various data uses.

Patient data sharing is vital for the NHS: it allows easy access to patient records, enabling better primary care decisions to be made. Enhancing patient acceptability is a key factor for improving patient consent.

Furthermore, health data shared within the NHS has historically been very attractive to third parties within the healthcare industry, particularly in the medical research and pharmaceutical sector.

That said, some patients are uncomfortable with their most sensitive health data being shared outside the boundaries of the NHS. The possibility of sensitive health data being shared, such as information on sexually transmitted diseases, a very private matter, makes the citizen understandably cautious about giving permission to share it.


Navigate the “Bumps in the Road” on your journey towards GDPR compliance

Chief Commercial Officer, J Cromack, reflects on his recent panel session at the GDPR:Summit

On the 30th January, I had the pleasure of addressing a room of delegates at the GDPR:Summit in London, alongside other like-minded advocates of strong data governance – Neira Jones, Sue MacLure, Robert Wassall and Tim Hunt.

The discussions around the room were, quite rightly, centred on the impending General Data Protection Regulation (GDPR) and how it impacts business as usual. For me, there appears to be a lot of talk around the actual regulation, probably a bit too much – when the focus should be on getting it into practice.

The crux of the matter is that organisations need to place their customers, supporters, members, donors, patients, employees or whatever you call them (we say the citizen at MyLife Digital), at the heart of their data and GDPR strategy.

Simply remember that the personal data citizens entrust to you actually belongs to them – you are a temporary custodian of this information whilst they remain in a value exchange with you. The value exchange is the benefit both parties gain during the period of time you interact. Whether this is for products, services or employment, once the transaction or contact is complete, under GDPR the personal data must be deleted or anonymised after a certain time period (which you must determine based on your usage of the data and what is right by the citizen), as set out in your Privacy Policy.


Easy transfer of Data with European Union beyond Brexit relies on embracing GDPR

While the General Data Protection Regulation (GDPR) is being put forward by the three European regulatory bodies, it will still apply to the UK during the Brexit negotiations and implementation period. Therefore, it is an Organisation’s responsibility to ensure they are “GDPR ready” even though the UK is leaving the European Union.

However, many Organisations may worry about how freely data can be transferred post-Brexit. I believe there is a simple answer to this. The sharper an organisation integrates GDPR into the regulatory stature of the organisation, the easier they should find it to transfer data with the EU once the United Kingdom has relinquished its membership.



Exonar joins forces with MyLife Digital – for the good of trees

Newbury-based Exonar has joined forces with MyLife Digital to provide an end-to-end solution to organisations who need to solve their General Data Protection Regulation (GDPR) problems, especially when it comes to Subject Access Requests (SARs).

GDPR has been around for two years, and the enforcement date is set as 25th May 2018 – from this date the Information Commissioner's Office (ICO) will be holding UK organisations accountable to the principles of this legislation rather than the Data Protection Act. As information about the GDPR has been available since 2015, there will be no further grace period – basically, we are already in it.

So, has your organisation used the last two years to prepare for the changes? Do you know where all the data is? Who has access to it? When was it collected and which Privacy Policy was in place at that point in time?  How do you retrieve all the information required if a customer requests to see it? – Possibly not, but you are not alone.


MiFID II has now launched – Will the GDPR launch go the same way?

As with any significant legislation change, people will have their say and opinions. The MiFID II (Markets in Financial Instruments Directive II) deadline came and went on the 3rd January 2018. Sophie Guibaud, VP of European Expansion at Fidor Bank, told BobsGuide reporter David Beach: “MiFID II is a key piece of European-wide legislation. This regulation, along with the incoming GDPR piece of legislation, means that financial organisations will be looking at immediate options to help them decrease their regulatory risk and costs, while also improving the customer experience this year. The new regulations will have a huge effect as financial organisations’ relationships with regulators will rely upon real-time data to be shared to improve and speed up risk management and market stability, all through the power of APIs.”

The concerns, challenges and expectations from various industry leaders have been collated by BobsGuide and the full article can be found via this link.

So, is this a taste of things to come in May when the General Data Protection Regulation (GDPR) finally lands after two years in the making? Will organisations be better prepared for the change from the Data Protection Act?

We’d like to think so, but the clock is ticking.
