Pillars to GDPR Success (2 of 5): Data Capture and Integration
The General Data Protection Regulation (GDPR) now requires organizations to take special care of employee and customer data. In order to abide by GDPR requirements, these organizations must get permission from all employees and users in order to use their data. The 5 Pillars for GDPR Compliance webinar details GDPR compliance.
Talend’s second pillar of GDPR compliance is data capture and integration. Data capture is the process of collecting data and transforming it into usable information. That data is eventually stored in a data lake and integrated into a company’s systems or across various business intelligence initiatives. In case the collected data includes personal data (from either employees or customers), it comes under the scope of GDPR and other data privacy compliance initiatives.
Data Capture: The Opt-In
GDPR was created to protect personal data and give individuals the ability to control how and where their information is used. So before using any data within an organization, GDPR requires organizations to get proper consent. This is often referred to as “opt-in.”
One of the simplest ways of getting consent is through a data capture form, on which users can simply opt-in or not. Data capture is extremely useful to indicate consent, as it automatically records users who have opted-in.
What kinds of information are people consenting to be used? Employees might allow personal data to be used in payroll platforms, HR systems, travel management systems, and/or incentive programs. Or consumers’ personal data might consist of names, demographic information, and more sensitive information like credit card numbers.
For proper GDPR compliance, all employee and customer data must be moved into one place. Then, companies need to take control of that data to be sure they are following compliance rules.
Using Talend for Data Capture and Integration
Talend Metadata Manager is where all personal data can be documented and tracked. It allows organizations to locate personal data across data flows and information systems, including consent from users.
In many cases, multiple consents have to be managed across applications. For example, the customer of an air transportation company might give consent for personal data to be used in the loyalty program, for personal cookie tracking in the web site, and to be geolocalized in mobile applications.
Using Talend Data Integration, Talend Big Data, Talend Cloud, or Talend Master Data Management, companies can create a personal data hub where they can reconcile personal data across disparate systems and keep track of which users have issued consent, as well as which users are unconfirmed opt-in (single opt-in), confirmed opt-in (COI), and double opt-in (DOI).
Take Control of Your Data
As soon as personal data is collected, consent must be obtained before the company can use it. After a user has given consent, he or she has the right to withdraw his or her consent at anytime. The data controller has to keep track and be able to demonstrate that the data subject has consented to the processing of his or her personal data at a certain time, for a certain context. This follows the GDPR guidelines for data capture and integration.
A good example on best practices for capturing data with customer consent is Credit Agricole Consumer Finance, a key player on the European consumer credit market. Crédit Agricole Consumer Finance launched a widespread digital transformation to improve the customer experience across all digital channels. As part of it, a governed data lake was populated to run most of the data ingestion, capturing more than 10 terabytes of data per day for personalized customer experience and precision credit scoring. Capturing consent at the same time—to make sure that the customer understands the value and impact of sharing his or her personal data—is crucial.
To find out more about GDPR compliance and how Talend products can help you achieve it, don’t miss the 5 Pillars for GDPR Compliance webinar.
← Pillar 1 | Pillar 3 →
More related articles
- Pillars to GDPR Success (4 of 5): Self-Service Curation and Certification
- Pillars to GDPR Success (3 of 5): Anonymize and Pseudonymize for Data Protection with Data Masking
- Pillars to GDPR Success (5 of 5): Data Access and Portability
- Preparing for GDPR
- [GDPR Step 14] How to Govern the Lifecycle of Information
- Pillars to GDPR Success (1 of 5): Data Classification and Lineage
- [GDPR Step 15] How to Set Up Data Sharing Agreements
- [GDPR Step 16] How to Enforce Compliance with Controls
- [GDPR Step 13] How to Manage End-User Computing
- [GDPR Step 11] How to Stitch Data Lineage
- [GDPR Step 09] How to Conduct Vendor Risk Assessments
- [GDPR Step 12] How to Govern Analytical Models
- [GDPR Step 10] How to Improve Data Quality
- [GDPR Step 08] How to Conduct Data Protection Impact Assessments
- [GDPR Step 07] How to Establish Data Masking Standards
- [GDPR Step 3] How to Confirm Data Owners
- [GDPR Step 06] How to Define Acceptable Use Standards for GDPR
- [GDPR Step 2] The Importance of Creating Data Taxonomy
- [GDPR Step 4] How to Identify Critical Datasets and Critical Data Elements
- What is Data Portability?
- [GDPR Step 01] How to Develop Policies, Standards, and Controls
- What is Data Privacy?
- [GDPR Step 5] How to Establish Data Collection Standards