Privacy and Consent
A company needs to get compliant with privacy regulations.
Problem
A company that delivers services leveraging the sharing economy seeks to strengthen its customers' privacy controls.
Overview
The drivers for the change are privacy regulations (GDPR, CCPA), the cost of potential non-compliance, and increased customer awareness. Since the company operates globally, it needs to comply with multiple privacy regulations and hopes to be prepared for upcoming ones.
The company sought legal advice in the past and was recommended to update its privacy policy first. It was also made clear that the privacy policy update alone was not enough and that changes at the service level were indispensable.
The company has to be able to capture and store user consents and let users manage them. The act of granting a consent, its scope, the granting authority, and the granting procedure have to be easily verifiable. The company needs to accommodate a Data Privacy Officer (DPO), who effectively controls the relevant data and consents, performs the audits necessary to ensure compliance, and prevents data leaks.
An in-house built privacy solution could divert a significant amount of resources from the company's core operations and still might not guarantee compliance.
The breadth of the requirements to be satisfied has ruled out the in-house solution. The company is looking for a product that will integrate seamlessly with its platform and satisfy the requirements.
Solution
The company selects Cloudentity to strengthen their customers' privacy.
Result
Cloudentity’s solutions allow the company to
- Integrate with their existing identity systems and services using bring-your-own-identity,
- Introduce consents that the company requires, manage them, and track their versions,
- Use the consent management to govern their privacy policy and terms and conditions approvals,
- Store indisputable detailed consents in the privacy ledger,
- Capture consents from users and let them manage the consents through the privacy checkup,
- Ensure users give affirmative consents to share their data with third-party applications,
- Define access rules enforced prior to issuing access tokens to implement a massively scalable offline authorization model,
- Configure API consumption access rules and enforce them with MicroPerimeter™ to prevent unauthorized access,
- Give the DPO a 360-degree view of data elements and their protection,
- Make sure each service has access only to the PII it needs by configuring PII data enrichment,
- Protect internal services against unauthorized internal access by building a zero trust network with MicroPerimeter.