Digital Banking and Data Protection Achieving balance of compliance with customer experience and...
Digital Banking and Data Protection
Achieving balance of compliance with customer experience and opportunity
30 September 2015
Paula Barrett
Partner
Data protection compliance
Recognizing what personal data/private information is processed
Identifying the players - data controllers and data processors
Work through application of principles, lawful reasons, fairness, transfers, filings, etc
Give fair notice
Gather permissions where needed
Other relevant issues
• Other legislation/laws/torts
• Culture and expectations
• Political/regulatory stance
Personal data – can you spot it?
Current DPA Definition:
“Personal Data” means data which relate to a living individual who can be identified:
(a) from those data and other information which is in the possession of or is likely to come into the possession of, the data controller
(b) includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual
• Not just names – other identifiers too
• Think about ability to combine with other data within business
• Can include Twitter names, MAC address, fixed IP address
The players?
− Spot the data controller(s)!
• Often more than one in digital platforms
• Within group?
• Third parties?
• Relevant for determining
• Applicable law
• Who carries DPA responsibility?
• Lawfulness requirement in transfers from DC to BC
• Limited exemptions
− Who are the data processors?
• Contractual requirements under DPA to be met
• Under UK DPA no direct obligations
• Position may change under GDPR
• Geographic restrictions on transfers
Eversheds LLP |
Notices and privacy policies
When & how to deliver
Fair Processing Notice must be given prior to or within a reasonable time of data being collected.
− Timing:
• When does data collection really commence?
• Bear in mind varying sources and channels – app, social media, other accounts, etc.
• Do you need a third party to provide notice/expand notices to specifically include us and our processing?
− Scope – transparency is essential and becoming more so
− Consistency across platforms (on and offline)
• Expanding digital processing may mean we have to expand the non-digital notices and notices on other platforms, e.g. Facebook etc.
− Technical constraints and customer experience
• Screen and text limitations
• Layering
• Links to website and other locations for further detail
Collection of permissions
When, what and how
For each category of personal data you need a lawful reason for processing it
− Start with working out what processing you are doing
• Need to understand the totality of processing including any sharing with other group companies and third parties
− Treat consent as a last resort – not the first one
• It can be withdrawn at any time
− Other lawful reasons:
• Consider statutory obligation
• Legitimate interest
• At request of individual
• Fulfilment of contract
• Anti-fraud
• Remember all qualified by “necessary for” test and proportionality
− Transparency on consent obtained by or for third parties
− How will marketing preference be exercised? Tools within the digital product?
− Operationally/technically need to be able to respond to consent changes from range of sources
Questions?
Paula Barrett
Partner
Company Commercial
+44 777 575 [email protected]
Eversheds
One Wood Street
London
EC2V 7WS
eversheds.com
©2015 Eversheds LLP
Eversheds LLP is a limited liability partnership