GDPR Health Sharing
Shaping your GDPR Strategy

Practical guidance for developers to shape their GDPR strategy

What final steps should system architects and developers take now to ensure they have all bases covered? Simon Crossley, director of engineering, plots a pragmatic path.

Despite the huge volume of publicity there’s been around General Data Protection Regulation (GDPR), there was a heightened sense of concern at a developer event I attended recently (the deadline for compliance is May 25).

At the end of my session, a number of people came forward, asking for clear guidance on what GDPR means at a practical level for developers and architects working with people’s personal data. Despite having made various preparations, they wanted to understand how other companies are addressing the common problems, the recommended thought processes when evaluating work, and how to more fully address the risks and issues in their decision-making.

It doesn’t help that this is chiefly a compliance exercise. So, while companies recognise they must put in place robust measures, they don’t really want to expend more energy or budget on this than they need to. So how can they cover themselves comprehensively, without taking too much of their resources and focus from the core functionality and differentiating qualities of their products?

Continue Reading

There’s no secret to quality data protection

Transparency is always at the heart of a good relationship. J Cromack, chief commercial officer at Consentric, explains how this applies in the personal data market and what organisations can do to ensure they benefit.

How do you put a value on trust? Last month, investors let their feelings be known about the Cambridge Analytica/Facebook revelations when they wiped $58bn off the latter’s market value within the day the news broke.

Facebook users were shocked, too, with #deletefacebook trending for days. Advertisers – Mozilla and Commerzbank, along with others including Tesla, SpaceX and Sonos – suspended Facebook activity; governments announced investigations. All told, the damage to trust is incalculable – and that’s potentially so for all organisations that collect data.

Personal data has become big business, with companies often treating it as a commodity to be bought and sold for profit. The problem is that individuals haven’t understood what happens to the information they supply and legislation to protect them hasn’t kept up with the market. As a result, the whole personal-data sector has been taken on trust… and now that trust has gone.

Continue Reading

GDPR: Checklist Summary of GDPR Software

A checklist summary of Consentric’s GDPR compliance Platform. Explaining the principles and requirements for becoming GDPR compliant. This overview will give you guidance as to how Consentric’s GDPR compliance software can help your business gain consent and other lawful bases for data processing.

Now more than ever, strong governance of personal data is a critical part of doing business today. Not only to build trust but also to avoid significant reputational damage and potential fines. Consentric is a cloud platform that gives you that governance. And it can do so across your organisation in a way that is transparent, accountable and empowering to both you and your customers.

Consentric was launched to support GDPR compliance, ensuring organisations can manage all 6 data processing justifications under article 6, paragraph 1, including Legitimate Interest and Consent.

It makes sure customers always know what personal data you hold on them and why.

And importantly, it gives them the power to exercise their enhanced rights under the GDPR. They will have the power to object to the processing of their data; they can request access to their data; they will have the authority to activate an erasure request. And they will have the power to give consent over the use of their data.

In short, this gives them the power to make the choices they want. And that results in a stronger relationship with you, the controller of their data.  But there’s another benefit for you – because all this activity is captured in an immutable audit trail, it demonstrates organisational accountability – which is required under the GDPR.

Artificial Intelligence

Will GDPR affect advancements in Artificial Intelligence?

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. However, if you are a regular reader of our blogs, you will know that by now. As an organisation, you should be preparing to deliver trust and transparency with your customers, if you are a data subject (citizen) you should be preparing to take back control of your personal data.

One of the greatest achievements in the modern digital age is the innovations of Artificial Intelligence (AI). AI is the theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.

The potential of AI is something of great excitement to futurists, and transhumanist believers, who predict that AI could be billions of times smarter than humans, with the possibility of individuals needing to merge with computers to survive.

Current technology that is integrated with AI could include device wearables, such as, an Apple Watch which can monitor your physical activity and certain health attributes. These devices obviously have a private benefit to the individual consuming it. These devices create a wide array of data sets, which contribute to creating the internet of things.

Organisations can benefit from access to this data, to continue innovating technologies and solutions through AI or by using the data to produce sophisticated insights for both the consumer and organisation. When put to good use, the potential these technologies produce for society is exponential. However, when organisations take advantage and negatively exploit the wide array of personal data created by such technologies, we could see the current global crisis in trust deepen.

Continue Reading

Rebuilding consumer trust after Cambridge Analytica


Having invested heavily in online services, the last thing brands and public bodies want is to see customers and service users abandon them. J Cromack, chief commercial officer at Consentric, advises organisations how to navigate the current crisis of confidence,

It’s concerning to see companies still treating people’s personal data as a tradeable commodity – something they can use however they like and sell on for a handsome profit. But all that is about to end.

Many consumers have until now turned a blind eye to routine data collection – largely accepting it as part of the deal for having convenient and often free online services. But Cambridge Analytica’s activities and Facebook’s responsibility and subsequent response[1] have brought matters to a tipping point[2]. Online service providers are going to have to work hard to win back trust.

Continue Reading

Cambridge Analytica and Facebook – did they put the individual at the heart of their data strategy?

With more headlines breaking over the weekend about the disinformation and misuse of personal data to effect global political campaigns, it brought home to us that our three key pillars; accountability, transparency and empowerment are paramount in this digital world.

The latest news that 50 million Facebook accounts have been accessed and data used to build profiles to assist with Donald Trump’s election campaign and steer the Brexit referendum by Cambridge Analytica is quite frankly – shocking.

The FT, that once hired Cambridge Analytica for market research purposes themselves, are calling this a data scandal[1].

There are calls for the ICO to investigate and MP Damian Collins of the Digital, Culture, Media and Sport Select Committee said he will call both Facebook and Cambridge Analytica to give further testimony.

There is also a Channel Four News expose due to air later this week, where reporters have gone undercover as prospective clients and secretly filmed the meetings.

And herein lies the rub. If the personal data had been sought by the organisation transparently – with full disclosure as to the purpose for its collection and subsequent use, all of this could have been avoided.

Continue Reading

Out with the old. In with the new.

A blog by J Cromack, CCO

I recently took part in a GDPR Salon for Digital Leaders South West, held during GDPR week in partnership with the Corsham Institute.

I shared my understanding of the new data protection legislation and how I fervently believe it to be a great opportunity for the organisations that embrace it.

The Data Protection Act has been in place for the past twenty years – during this time the world has moved on dramatically, with some of the most extreme changes coming from technology and how we use it. Which is why it’s time for ‘out with the old, in with the new’.

Continue Reading

Follow Us