Scenarios where our team has advised on implementing Privacy by Design  

Examples of where our team has ensured data privacy obligations are met, without compromising business objectives  

 

How can you ensure ambition and innovation do not outrun data privacy obligations?

 

For many businesses, continuous alignment to data privacy obligations is complicated – especially while the business seeks to grow and innovate and the privacy landscape continuously evolves. 

 

Our team has advised and consulted on how to instil Privacy by Design into a huge range of complex projects, departments and even entire businesses. These are some of the most common and interesting scenarios, alongside the most pertinent questions that need to be addressed. 

 

Customer data platforms

 

The scenario

A wide variety of industries rely on large volumes of personal data – retail, hospitality, consumer finance to name only a few. But they all have the same core problems: what data do I have, and what can I use and how? 

 

 

The questions

 
  1. Where has my recent and historical data come from, and what permissions have been given? 
  2. How transparent have we been, and are being now, about what we are using data for? 
  3. What geographies could we be considered to be targeting?  
  4. Where does legitimate interest stop and the need for consent begin? 
  5. What am I using that data for, and how does that compare with the data subjects’ rights and ethical expectations? 
  6. How are you ensuring the continuous security of the data, especially from breaches and hacks? 


 

 

IoT data collection and use

 

The scenario

Many industries – especially telecoms, utilities, manufacturing and logistics – are deploying IoT technology and collecting huge volumes of data, often including personal data. 

 

 

The questions

 
  1. What sort of data am I collecting, and is any of it capable of being used to identify an individual?
  2. How broadly are you defining “personally identifiable”, and do you need to go further? Proximity sensor data, ambient light and even battery readouts have all been deemed capable of being used for tracking and profiling.
  3. Is that individual aware that data on them or even their interactions may be collected and processed? Have they given consent? Do they need to? Can they opt out or be “forgotten”?
  4. How and for what purposes is that data being processed, and in particular, is there any automated decision-making?
  5. How robust is the security of the data, and how are you balancing its safety from breaches and hacks, with the need to open it up to processing?


 

 

Case study:

 


Achieving Privacy by Design

How a software developer achieved Privacy by Design and protected 1,000,000s of special category records

 


The Business Benefits of Data Privacy

Discover the wider impact on the business of Privacy by Design and the data visibility it brings

 


The Privacy Rosetta Stone

How Privacy can make itself understood by the CISO and CIO, and make Privacy by Design an organization-wide reality

 

 

Mergers and Acquisitions

 

The scenario

When two companies come together, so do two different sets of privacy practices. And what ability does one company have to process the data of another company’s data subjects – ranging from clients and marketing contacts to employees and suppliers?

 

 

The questions

 
  1. What data is held by each company, and what permissions and expectations exist?
  2. What policies and agreements need to be set up to allow the internal transfer of data between the two previous organizations?
  3. What do the data subjects need to be told or offered in terms of the continued use of their data?
  4. How does the new organization’s structure change its operations and targeting? Do new privacy regulations become relevant? Do lead supervisory authorities and similar need to be reconsidered?


 

Medical and pharmaceutical research

 

The scenario

These organizations gather and process huge volumes of data on individuals’ conditions and treatments – some of the most sensitive data possible – often from multiple geographies and over long periods of time.

 

 

The questions

 
  1. How transparent and adequate have historical data gathering processes been for the current purposes? 
  2. How identifiable do data subjects need to be for the core purpose of the research to still be achievable?
  3. What geographies is the data being sourced from, and what data privacy regulations apply? 
  4. To what degree is data being processed through AI platforms or similar, and are data subjects at risk of being subjected to automated decision-making?


 

 

 


Fewer than 5% of AI service or technology providers have dedicated privacy resource in their businesses 

 

Based on Calligo’s research of 11,500+ AI and/or machine learning consultancies and service providers

 

AI service providers

 

The scenario

This includes AI consultancies that provide outsourced expertise, and providers of AI platforms for businesses to introduce into their organizations in order to start using their data more intelligently and insightfully. But while these organizations are experts in the technology, to what degree can they advise on how your data can be legitimately used? Or do they devolve data privacy responsibility to you?

 

 

The questions

 
  1. If personal data is to be subject to this introduction of AI into your business, what permissions do you need? 
  2. How can your data privacy obligations – and the realities of the permissions you may or may not have – be balanced with the objectives of the project? 
  3. Where and under what conditions is your data going to be processed when using these AI tools? 


 

Related Services & Content

 


Finding the right use for AI in your business

How to discover the most innovative, impactful and profitable use cases for AI within your business

 


Privacy-first Data Insights Services

Discover how we deliver safe data insights by incorporating privacy by design into machine learning projects  

 

 

SaaS providers using AI

 

The scenario

This covers SaaS platforms that have introduced AI (typically machine learning) to solve specific business problems, but often without regard to data privacy liabilities.

 

 

The questions

 
  1. If the SaaS platform inherently processes sensitive data on behalf of its customer businesses, are the platform’s terms suitably transparent in how data subjects may be exposed to automated decision-making? Subjecting individuals to automated decision-making without prior, informed consent is specifically prohibited under various privacy laws, notably GDPR.
  2. Do the platform’s customers need to gather appropriate consent from their data subjects for them to have their data used in this way?
  3. What measures has the SaaS provider put in place to make sure they have?
  4. Will the SaaS business’s brand be harmed if businesses start to use it and data subjects object to being unknowingly exposed to automated decision-making?


 

 

 


 
