UniFida provides a privacy portal
- The single customer view (SCV) is developed by matching on-line and off-line personal data across multiple identifiers
- Consents and opt-outs from individuals can be uploaded to the SCV from any channel
- If an individual is providing a consent or opt-out in a call centre their SCV can be immediately accessed and the permission recorded
- Each permission action is held separately, and included with it are details of the date, channel and statement against which the action was taken
- When multiple and possibly conflicting permissions have been provided, rules can be derived from them to allow or disallow specific marketing activities including profiling of individuals
- These consent rules can be executed, including the restriction on profiling
- It is simple to copy, share, amend or delete an individual’s data
- When an individual asks that their personal data is deleted, the system retains all their non-personal data so that e.g. transactional data is retained for reporting purposes
- At the same time information is provided concerning where all that individual’s personal data is held in upstream systems
Subject access requests (SARs)
GDPR has brought about a fundamental change of data ownership. Post GDPR sees all data owned by the individual. And the individual has full control of what data companies can hold.
Without the right setup, SARs can be expensive and disruptive. UniFida is automated and intuitive, providing swift processing of subject access requests.
So how do you provide a simple map of all the data held and clearly show where permission was given or withheld? UniFida makes this very easy with just a few clicks.
Post GDPR, the following nine boxes can be used as a guide to prove that your technology can successfully support GDPR compliance
In our opinion, if your organisation holds personal information, there are nine boxes you need to be able to tick to be GDPR compliant from a technology perspective:
- Do you hold all the information you have about an individual in one place (we call this the single customer view or SCV), so that you can respond to requests from individuals to see, transfer, amend or delete their data or to change their permissions?
- Does your SCV make the best possible job of matching individuals across all their identifiers, from email to mobile number. Any information that can point to an individual can be used as part of the matching process.
- Can you receive and record consents and opt-outs via all the channels though which an individual can communicate with your organisation e.g. from website to post-room?
- When recording consents or opt-outs can you record the date, the channel through which they were received, and the statement to which they were consenting, or from which they were opting-out?
- When an individual has provided multiple consents at different times, which may contradict each other, do you keep each consent record separately, and can you derive rules from them which allow or restrict specific marketing activities? (Marketing activities may also include profiling the individual’s data).
- If the individual has requested that their data is not to be used for profiling, can you in practice prevent that data from being used to derive e.g. segmentation or propensity scores?
- Can you easily look up an individual’s single customer view (e.g. when they have called into a call center) and then act on instructions to copy, transfer, amend or delete their personal data?
- When asked to delete an individual’s personal data can you do this both from the SCV and from all upstream systems that have fed the SCV?
- When deleting personal data do you leave all other data relating to the individual in place so that e.g. transactional data can still be included in sales totals?
If you have ticked all nine boxes, your technology is ready to face GDPR!