- PDF Free Download

Size: px

Start display at page:

Download ""

Nicholas Beasley
5 years ago
Views:

2 SIGNATU AS Founded in 2015 by Torgeir Hovden and Georg Philip Krog Incorporated in Norway

TEAM GEORG PHILIP KROG Co-Founder georg@signatu.com Cand. Jur.

3 TEAM GEORG PHILIP KROG Co-Founder Cand. Jur. (MSc Law) University of Oslo PAST Researcher at UiO, Max Planck Institut, Stanford Law School, Harvard Law School, WIPO. 10 years legal consulting TORGEIR HOVDEN Co-Founder MSc CS, MTM/MBA NTNU, MIT Sloan, NHH PAST CTO Telenor Digital Principal Engineer, Microsoft Sr. Director FAST

4 Vision signatu creates transparency and trust between companies and users in the global digital data economy

5 MISSION signatu builds state-of-the-art, self-service tools for companies to safeguard personal data, build user trust and ensure law compliance in the personal data economy.

6 GDPR

7 The data economy

8 The data economy

9 The data economy

10 Products Privacy Policy Trackerdetect Consent

11 Policy Generator 1 Policy Create and maintain a Privacy Policy by answering easy-to-use questionnaire. All information requirements in the GDPR covered by the questionnaire. Output privacy policy in multiple formats - legal text, plain text, multiple languages.

12 Privacy Policy

13 Privacy Policy Questions Which information to include in the privacy policy? Which quality of information in the privacy policy? Which language for the privacy policy? How to provide the privacy policy? When & where to provide the privacy policy? Must the privacy policy match and be linked with the consent request? When & how to update information in the privacy policy? Securing evidence for having provided privacy policy?

14 English Data Protection Authority says... Providing meaningful and effective information is an ongoing challenge for organisations but one that they must meet to comply with data protection law. To get this right, you need to identify the means of communication and the language and tone that is most appropriate to the audience bearing in mind the way that their personal data is being used.

15 English Data Protection Authority says it is good practice to (use) a number of techniques to present privacy information to individuals. Take advantage of all of the technologies available a blended approach, incorporating a variety of techniques is likely to be most effective. Layered Just-in-time notices Icons and symbols Video Privacy dashboards

16 Demo

Secures tamper-proof evidence of consent and cryptographically

17 Consent 2 Consent Collects and tracks user consent in accordance with requirements set in the GDPR. Secures tamper-proof evidence of consent and cryptographically signed consent receipts. Integrates with Signatu Policies Supports privacy dashboards and Privacy By Design

18 Consent record A simple checkbox in your CRM isn t going to cut it You must keep a timeline of consent records that contain: link to the privacy policy, including versions/dates the identity of the controller the identity of the data subject the time of the start of the permission the time of the refusal of the permission the time of the termination of the permission the way the consent request was provided the way the consent withdrawal was provided

19 Consent Demo Documentation, API specification

20 Trackerdetect 3 Trackerdetect Detect 3rd party services on web sites Protect your audiences Monitor and keep documentation records

21 Is it game over? Source:

22 Modern Web/Mobile Apps Modern web sites use of 3rd party plug-ins extensively Analytics CRM Social Marketing Advertising

23 3rd party chain Company I want services free of charge! 3rd party 1 3rd party 1 3rd party 1 3rd party 3rd party 3rd party of 3rd 3rd party of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd 3rd party party... of 3rd party... of 3rd party... party...

24 NORDMA Results link

25 SIGNATU AS Proudly from Oslo, Norway Org. No:

26 BACKUP

27 GDPR Consent = enable user to grant, refuse or terminate permission How to enable user to understand s/he can perform his/her power at any time? How to enable user to understand which actions that grant, refuse or terminate permission ( statement, action, unambiguous, explicit )? How to enable user to understand the content of the permission request ( informed + specific )? How to enable user to understand the legal effect of the actions s/he has the power to perform? How to enable user to exercise his/her power freely? How to enable user to grant, refuse to grant or terminate permission at any time? How to provide the consent request? How to authenticate end-user to enable termination of permission? How to be able to demonstrate consent?

Standards and privacy engineering ISO, OASIS, PRIPARE and Other Important Developments

Standards and privacy engineering ISO, OASIS, PRIPARE and Other Important Developments Antonio Kung, CTO 25 rue du Général Foy, 75008 Paris www.trialog.com 9 May 2017 1 Introduction Speaker Engineering