Slide1
Digital Banking and Data Protection
Achieving balance of compliance with customer experience and opportunity
30 September 2015
Paula Barrett
Partner
Slide2
Data protection compliance
Slide3
Personal data – can you spot it?
Current DPA definition:
“Personal Data” means data which relate to a living individual who can be identified:
(a) from those data and other information which is in the possession of or is likely to come into the possession of, the data controller
(b) includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual
Not just names – other identifiers too
Think about ability to combine with other data within business
Can include Twitter names, MAC address, fixed IP address
Slide4
The players?
Spot the data controller(s)!
Often more than one in digital platforms
Within group?
Third parties?
Relevant for determining
Applicable law
Who carries DPA responsibility?
Lawfulness requirement in transfers from DC to BC
Limited exemptions
Who are the data processors?
Contractual requirements under DPA to be met
Under UK DPA no direct obligations
Position may change under GDPR
Geographic restrictions on transfers
Slide5
Notices and privacy policies
When & how to deliver
Fair Processing Notice must be given prior to or within a reasonable time of data being collected.
Timing: When does data collection really commence?
Bear in mind varying sources and channels – app, social media, other accounts, etc.
Do you need a third party to provide notice/expand notices to specifically include us and our processing?
Scope – transparency is essential and becoming more so
Consistency across platforms (on and offline)
Expanding digital processing may mean we have to expand the non-digital notices and notices on other platforms e.g. Facebook etc.
Technical constraints and customer experience
Screen and text limitations
Layering
Links to website and other locations for further detail
Slide6
Collection of permissions
When, what and how
For each category of personal data you need a lawful reason for processing it
Start with working out what processing you are doing
Need to understand the totality of processing including any sharing with other group companies and third parties
Treat consent as a last resort – not the first one
It can be withdrawn at any time
Other lawful reasons:
Consider statutory obligation
Legitimate interest
At request of individual
Fulfilment of contract
Anti-fraud
Remember all qualified by “necessary for” test and proportionality
Transparency on consent obtained by or for third parties
How will marketing preference be exercised? Tools within the digital product?
Operationally/technically need to be able to respond to consent changes from range of sources
Slide7
Questions?
Slide8
Partner
Paula Barrett
Company Commercial
+44 777 575 7958
paulabarrett@eversheds.com
Eversheds
One Wood Street
London
EC2V 7WS