We have your data, and we protect it.
We have your data. We protect it. But you hold the key.
API SERVICES
COMPANY DATA SOURCES ANYTHING… ANALYTICS CRM/ERP ECOMMERCE MULTI-POS
CONSUMER PORTAL SHOW ME MY DATA
✓ View ✓ Forget ✓ Contest
CHANGE MY DATA CENTRALIZED DATA INGEST ALL DATA SECURE LEDGER FULFILL REQUESTS
DATA SUBJECT TOUCH POINTS
PHYSICAL & DIGITAL TOUCH POINTS
✓ Transfer ✓ Consent
AUDITABLE
CONSUMER TOUCHPOINTS PHYSICAL POS ECOMMERCE CALL CENTERS MOBILE APPS KIOSKS ANYWHERE… Regardless of where they come from, all Data Subjects are directed to your dedicated, branded portal: e.g. privacy.YourCompany.com
Canada Australia Japan US / California
- Country-specific changes (e.g. Ireland’s 7 day response)
- Clarifications and Rulings (e.g. Reporting Requirements, Data Portability)
Delete my personal data
Global opt-out AND Do Not Sell My Information
There is an existing breach notification law in CA
Privacy Policy Updates Breach Notifications Right to be Forgotten Right to Restriction of Processing Right to Object Automated Decision Making Notification of Collection
At or before the point of collection At or before the point of collection
Download my Data Does not require account to make a request
Not specified Does not require Account
Website language
Only privacy policy requirements
Clear requirements on language for home page
GDPR CCPA
These are not built for the changing landscape of privacy: New legislation. Country-specific differences (e.g. Ireland) and clarifications in law, implementation or precedent.
https://privacy.apple.com
[Link] May 25, 2018
ID Upload
LDAP/AD/SAML/OAUTH
3rd Party Services
Email/SMS Verification
CAPTCHA
✓ Support deletion of specific data elements or groupings (Primary Action).
✓ “Delete All Data” is a Secondary Action
✓ Remind users of: Services they may lose, Value they may lose (loyalty points)
✓ Encourage Anonymize over Delete
✓ Realize conflict between absolute deletion of user data and ensuring they stay deleted
✓ Consider creating an API and/or automated routine to help catch “forgotten” data elements before you accidentally use them
✓ The API/routine should tie back to your Privacy Tasks to auto-alert data source owners to delete records
✓ Maintain deletion requests via 3rd parties to legitimately claim deletion of data
✓ Report: Request types, results, and response timeframes
✓ Lots of “gray area”: Remember to budget IT hours to scope and maintain adherence to changes in requirements
TO: privacy@brand.com
DATE: 5/25/18
SUBJECT: Request for data
Hello,
Please tell me the information you have on me as I would like the right to modify or delete some or all of it. Under the GDPR, you have one month to comply.
Thanks,
Nancy Melbourn
Data Subject
What kind of request is this exactly?
How do I process it? Do I need to process it?
I have 80 backend systems. How do I find her data in each?
How do I deliver her data to her in a way she can understand it?
How would I delete her data across all of those systems?
How will I respond to this in time?
How do I handle this in a way that I can prove if we get sued or fined?
I just got 1,000 requests just like this. How do I manage all of those?
Is this really Nancy? Is it SPAM? Is it a fraud attempt?
DPO Data Subject
3 General Strategies
3 General Strategies
{# of systems} x {# of SARs} ≤ 50/month
3 General Strategies
PROS:
- Does not require copying data
CONS:
- Processor-heavy: Puts on-demand, computational stress on all data sources
- Rigid: Schema embedded in multiple APIs
- Unpredictable: You never know what the API is going to return
- Difficult to Sell Internally: Level of difficulty to add a system is relatively high
3 General Strategies
Pros:
- Enables BI, AI and other “layers” to the Analysis stack (Similar to Blockchain)
- Eliminates stress on day-to-day business
- Data Lake Vs. Data Warehouse
- Capturing “rogue” data
Phase 1: AUTOMATE SARS
- Working with an API lets you render any data element in an understandable format.
- Virtually eliminates ops overhead for data ingestion and rendering
- Consider grouping data into “functional areas” and data groupings.
- Maintain ability to supplement with manual processes and CSV/file upload
Phase 2: Automate “Denies”
Phase 3: Automate “Changes”
- Costly, but worth it
- Will your tools support it? (e.g. WordPress)
- Pre-built Integrations and “Connectors”
Email: hello@Truyo.com Subject: Roadshow offer