Black Friday for GDPR

This year Poslovna inteligencija, one of the largest Croatian IT exporters, will make a very special Black Friday offer. It is not usual to offer enterprise software with special Black Friday discounts, but Poslovna inteligencija will do just that: it is offering an exclusive 50% discount on the license and first-year M&S if you order its new Consent Lifecycle Manager (CLM) platform on Friday, November 24th.

Managing consents and handling subject requests are among the basic requirements of the General Data Protection Regulation (GDPR); the CLM platform brings that functionality to corporate customers.

“Every day we are meeting many companies that are now starting to explore which way to go and how to start their efforts to become GDPR compliant on time,” says Marijan Bračić, manager of the GDPR program at Poslovna inteligencija. “We have decided on a Black Friday campaign for several reasons. The first reason is that at midnight on November 24th there will be exactly six months until May 25th 2018, when GDPR will be enforced. The second and most important is our dedication to enabling as many of our loyal customers in the European Union as possible to tackle this critical issue with one platform that is easy to use out of the box and can easily integrate with other systems in the company through open APIs. The third reason is that we are always trying to be innovative, and this is something that has not been done before for enterprise software.”

Find out more about the Black Friday offer for the CLM platform at http://www.inteligencija.com/gdpr/en/, where you can also download a detailed brochure and sign up for a demo and consultations.

GDPR and Consent management

In order for an organization to comply with the principles of the GDPR, it should be able to govern personal data, know where the data are and how to protect them. In addition, the organization should be able to fulfill the legally defined rights of all EU citizens whose personal data it is processing. GDPR is applied to all natural persons who are nationals of one of the Union member states (data subjects), and it is necessary to meet and monitor the data subject's requests. In the context of a company, a data subject may be a user, a former user, a natural person to whom the company offers its products or services, an employee, a candidate for employment or a partner’s employee.

The new regulation puts great emphasis on consent as a lawful basis for personal data processing. In the legislation of most EU countries consents are not a novelty, but current controls are known to be very superficial and the penalties for non-compliance are negligible. The fines for non-compliance defined by GDPR are significantly higher, and the rights of data subjects require organizations to demonstrate how personal data have been acquired and how they are being processed.

Also, the definition of consent has been significantly changed with GDPR: Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

GDPR defines consent and states that the data controller must be able to demonstrate that the data subject has given consent to the processing of his or her data, that the request for consent was understandable and written in simple language so that the data subject could opt out as easily as he or she had opted in, and that the service was not conditioned on consent.

GDPR also states that consent should be given by a clear affirmative action such as written statements (including electronic) or verbal statements. Marking a check box when visiting a website is also considered an electronic written statement, but the box must not be pre-checked. When data is processed for multiple purposes, consent should be given for all of them. If the data subject has no choice or is unable to refuse or withdraw consent without any consequences, then the consent cannot be considered freely given.

For all organizations that have so far complied with the current law, implementation of the GDPR requirements should be greatly facilitated; other organizations will have to increase their level of data protection and learn how to govern personal data in order to comply with the new legal obligations.

After GDPR becomes enforceable on May 25th 2018, organizations will have to start managing the consent lifecycle. Article 7 of the General Data Protection Regulation states that the data controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.

Does that mean re-collecting existing consents? Yes, unless they are already in line with the described GDPR requirements. For a smooth business transition, organizations will have to define the processes of acquiring and processing consents long before the GDPR becomes enforceable in May 2018. The best way for organizations to acquire consents from data subjects again is to be transparent and explain in plain language why they are being acquired again, for which purpose and how the data subjects can benefit from it.

Why must companies manage consents?

In order to meet this requirement, there is a need for a system that keeps records of all data subjects and given consents, records of opt-ins and opt-outs, and data subject requests to companies regarding their data and the processing of their data. Such a system would enable the management of consents with all the necessary information available in one place: for all processing activities with consent as a lawful basis, the organization should be able to demonstrate when the consent was given and by whom, through which channel and for what purpose. It should also enable data subjects to opt out as easily as they opted in, in which case the company is legally responsible for stopping the processing of their data where consent is the lawful basis.

Activities that process personal data need to know that the conditions for starting to process a specific data subject’s personal data are met, which includes valid consent. Thus, consent management becomes a key factor in processes that provide business support and the grounds for making business decisions. Missteps in such processes may or may not result in corrective measures, but it is very certain that mistakes in such processes will affect brand and customer loyalty, and this is difficult to measure.

Consent Lifecycle Manager (CLM) platform

The Consent Lifecycle Manager (CLM) platform is a solution by Poslovna inteligencija that is unique on the market and enables organizations to simply and intuitively manage the consent lifecycle and data subject requests.

CLM supports all the major processes related to the consent lifecycle and the management of the data subject's requests related to their personal data, starting with the process of acquiring and documenting consents, managing the purposes, managing the processing activities, and integrating consent and data subject requests data with other company systems, either through importing / exporting data or by calling open APIs. CLM keeps the history of all changes related to consents and data subject requests.

In addition, the CLM platform is a central application that will be used by the Data Protection Officer (DPO), which will enable him or her to supervise all processes related to data subject consents, including simple and configurable dashboards and detailed reports about all requests, actions and their status.

It can be said that virtually every company that has a relationship, regulated by consents, with a larger number of data subjects and that needs to meet the data subject requests defined by GDPR needs the CLM platform as part of the process of aligning the company with the requirements of the regulation.

Five reasons why you need a platform for managing consents:

Importance - Consent lifecycle management and subject request management are among the most important GDPR requirements

Compliance - If you are working with EU citizens and use consents, without CLM most likely you will be able to become GDPR compliant on-time!

Centralization - CLM is the central and most important application that your Data Protection Officer (DPO) will use

Integration - CLM can easily be integrated with your CRM system and other IT systems using open and documented APIs

Risk mitigation - CLM is a standardized platform with all required functional components that can be used out of the box