Insight: The new age of digital consent
By David Warburton, Senior Systems Engineer, F5 Networks
We’ve all ticked boxes, sent texts, and filled in forms loaded with personal details to unlock shiny new services, apps, and much more.
The problem is that we do not control what happens to that information and what to do about it when we’re concerned. To date, the notion of consent has been an irreproachable, business-friendly practice for organisations to legitimise all manner of personal data processing.
Those days are over. The EU General Data Protection Regulations (GDPR) has changed the data protection and usage game, empowering citizens to take ownership of their credentials and compelling businesses to operate with greater digital responsibility.
- Business Chief, Europe edition - July issue OUT NOW!
- Three German telcos pledge to improve 4G coverage by 2020
- Vodafone acquires Greek telco CYTA Hellas for €118mn
Under the new regulations, the onus is on organisations to identify at least one lawful basis for each processing operation. GDPR defines consent as any “freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her".
Consent gained and used in the traditional way of acquiring consumer information will not apply anymore.
Citizens’ data should only ever be used when they have a realistic choice, including withdrawing consent at any moment. This means organisations must have the immediate operational and technological wherewithal to stop processing the data delete it or export it back to the customer. Failure to do so will incur GDPR’s much-publicised and costly wrath. From now on, any consent request should be explicit, obvious and user-friendly. Businesses need to be completely transparent about purpose and process, providing a complete overview of all user rights.
GDPR’s stance on consent is set to have a profound impact on a wide range of industries. Consider, for example, an e-commerce company accustomed to freely leveraging customer data for multiple use-cases. From May 25th, 2018, it must identify all the different purposes for which it processes personal data. It must then document the correct lawful basis relevant to each purpose. Several other associated actions are also necessary, including providing information on the right to withdraw consent, as well as ensuring privacy policies are clear and accessible to customers.
The legal shake-up has prompted at least one major advertising company to relocate its headquarters from the EU due to an overreliance on consent as a data processing green light. Others are still playing catch-up to get their house in order. Recently, the Interactive Advertising Bureau (IAB) Europe released a draft tech specification of its open source GDPR Transparency & Consent framework for public comment. The goal is to help publishers, technology vendors, agencies and advertisers meet transparency and user choice requirements.
Personal data is now well and truly our exclusive property. Moving ahead, organisations must act as responsible stewards of that data, respect our wishes, and provide transparency at every juncture. They must choose the lawful basis that most closely reflects the true nature of their relationship with an individual and the explicit purpose of their data processing intent. If gaining consent proves difficult, it is probably because it is not the best, most lawful option in that instance.
Consent is still important, of course, and can be a viable conduit for rapid, innovative business practice. It just needs to be approached with greater care and specificity. It needn’t be a hindrance to commercial success in the long-term either. Transparency and best practice yields trust, enabling more robust customer relationships and receptivity to new, innovative services.
GDPR is a headline-grabbing piece of legislation, so expect high-profile public examples to be made for non-compliance. Comprehensive organisational changes are needed, including the introduction of digital management best-practice and the implementation of security technology capable of safeguarding personal data hotspots, such as applications hosted in multiple clouds.
Citizens have regained control of their personal data and businesses must respect that transactional relationship with customers has changed. Those on the right side of the law will stay compliant and keep pace with the digital generation. Those that have not done their due diligence will find themselves not just at the mercy of the law but will suffer the discontent of customers and the loss of trust.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”