Manetu CPM®: A New Paradigm in Data Privacy Management

Oct 27, 2020

Role of Data

Data is increasingly central to enterprise business models, and new regulations around the world are constraining how that data is used, stored, protected and even deleted.

Today’s tech companies are driven by consumer data and insights, which collectively generate billions of dollars of revenue. Personal data is used to manipulate consumer behavior and perceptions. The data that businesses hold about us affects our lives and choices in an unprecedented--yet often underappreciated--manner.

Responsible businesses have always treated the security and privacy of our data as a top priority. But cyber-attacks have become all too common, and each data breach exposes the personally identifiable information (PII) of hundreds of millions or even billions of people. Consumers lose trust in organizations with every data breach or story of abuse, and demand more action from the authorities. Research from Gartner, EY and others shows that more and more “data subjects” are making decisions based on how firms handle their private data. Trust is paramount, and if consumers lack confidence in how businesses collect, store and use the data about them, they will take their business elsewhere. Therefore, consumer data privacy is a critical aspect of any enterprise.

Privacy Regulation Compliance

Government agencies across the globe are taking notice and imposing strict data privacy regulations. In addition to the EU’s GDPR and California’s CCPA, at least 120 regulations from different countries give us certain privacy rights. In the EU, GDPR has been in effect since May 2018 and is proving to be the toughest data privacy and security law in the world. Many other countries are framing new privacy laws, using GDPR and CCPA as benchmarks. In fact, GDPR imposes obligations on organizations operating in any part of the world, so long as they collect data related to people in the EU. Moreover, both GDPR and CCPA can impose hefty fines for non-compliance.

This year, tech giants including Google, Facebook and others have paid millions of euros for privacy-law violations. These new laws require that businesses have clear, understandable and up-to-date privacy policies, that they give us access to our PII upon request, and that they give us the right to opt in to or out of various uses of our data. In many cases they also require organizations to appoint data protection officers (DPOs) to oversee an organization’s compliance with these regulations. GDPR also lays down specific tasks for DPOs, such as conducting regular assessments and audits, maintaining records of all data-processing activities, responding to data subject requests, informing consumers about their rights, and more.

Drawbacks Of Existing Request-Response Model

Most of the solutions on the market today are labor-intensive, expensive and time-consuming. A consulting service might start by helping a business understand where its sensitive information resides and leverage some tools to discover and map that data. Then the consultants, or in some cases a different firm altogether, will set up an email-centric workflow for responding to data-rights requests.

In this request-response model, data subjects come in and fill out a web-based form requesting their information. This generates an email, which sends an employee off to track down the consumer’s data across the enterprise. The enterprise then allocates resources to collect information from multiple target systems to satisfy that request, compile it into a suitable data format, and either email it back to the consumer or alert them that it is available for download.

This onerous process takes, on average, 15 to 20 hours per request. As the volume of these requests increases, it will become impossible to manage them manually and still respond within the time allotted by the regulations. We founded Manetu to fill this gap and solve this essential problem of automated data privacy management.

How Manetu CPM® Solves The Problem

Manetu has created the world’s first automated CPM that offers an end-to-end solution for managing sensitive data. CPM puts the consumer in charge of their own data to ensure that the business conforms to international data-privacy rules. Our cloud-based service allows enterprises to automatically discover the PII that they hold and share it with consumers in real time in a secure, privacy-preserving manner. It automatically discovers, maps and aggregates data into a single source of truth, or vault, that serves as a data master as well as an identity master.

CPM brings a self-service platform to a business’s data-privacy requirements. Our customers can assign appropriate policies that let consumers access certain components of their data and modify them. CPM can then share that data automatically in response to data subject access requests (DSARs) or regulatory demands, and automatically synchronize corrections, updates or permission changes throughout your organization. We, the data subjects, can use the self-service platform to instantaneously access, consent to or modify our data. Forget manual data entry: when a customer changes their information or consent, Manetu syncs those updates across your business. Thus, enterprises save thousands of man-hours in handling DSARs as required by privacy regulations such as GDPR, CCPA and others across the world.

Privacy by Design

CPM’s architecture builds in privacy from the start to ensure that your enterprise complies with data-privacy regulations now and in the future. It harnesses state-of-the-art cryptography, post-quantum key distribution, and multi-factor authentication in a synergetic way. No platform is more secure. Through our connectors, proprietary machine learning algorithms discover hidden PII from diverse systems such as Microsoft Excel, Salesforce, Microsoft Dynamics, Outlook, etc. The Swagger connector gives access to a wide range of APIs, including Oracle, MySQL or any others. Once it has identified the PII, CPM maps and aggregates the consumer PII in our fully encrypted data vault.

Manetu leverages Hedera’s decentralized public ledger to act as a notarization service. Hedera Hashgraph is a distributed ledger public network built on a consensus algorithm to create the next generation of fast, fair and secure applications. We integrate this revolutionary consensus service with our state-of-the-art data privacy management platform to witness, authenticate and record all transactions with timestamps in an immutable record. This record can solve many disputes arising among consumers, enterprises and regulatory agencies.

What Manetu CPM Offers

To Enterprises

Organizations typically maintain multiple target systems (CRM and others) that hold user PII, such as social security numbers, telephone numbers, addresses or even account information and more. Updating and gathering this information from multiple target systems is an arduous process. Manetu allows enterprise clients to log into their administrative portal and use available or custom connectors to connect multiple disparate resources into one seamless integrated system.

CPM automatically identifies and aggregates “hidden” PII across the target systems and creates a unified data repository that provides information about the source of data and what data you hold on any particular subject. There is an option to map data sources and the kinds of attributes held on a consumer and visualize them graphically. However, control still lies in the hands of administrators or DPOs, who pick which of these attributes they want to grant consumers direct access to.

DPOs can monitor all user activity and transactions happening on their systems. In case of any regulatory compliance requests, the DPOs can produce activity logs that hold the transactions or modifications performed by users or authorized entities at a particular instant of time, each of which is notarized on a secure public ledger with verification. Additionally, the platform provides the ability to graphically visualize geo-tagged consumer data. For example, let’s say a particular service provider is concerned with the EU’s GDPR. The DPOs can dive into a particular country and look into the consumers from that jurisdiction and the data they hold on them.

Further, a service provider has the ability to define certain new policies and share them with consumers or concerned authorities under specific time constraints. DPOs can decide whether this policy goes into effect by default for a particular set of consumers in a country or region or across the board. They can define descriptions and legal language around it or upload legal documents that provide requirements to comply with the new policy. As soon as they save this new policy, it immediately becomes visible to consumers, at which point they can consent or not consent.

To Consumers

Verified data subjects can log in to CPM to see what data the enterprise holds on them and in which databases. Consumers can also see the policies to which they have consented at a particular service provider. The platform provides us with the ability to edit or revoke our data directly and save the changes. This modification is immediately reflected both in CPM’s control plane and in the business’s target systems.

DPOs need not do anything; all changes get automatically updated, which helps to maintain up-to-date information on all users. Accessing the activity log, we can see any sensitive transactions or modifications happening on our data, which are notarized and verified on an encrypted decentralized public ledger.

Manetu CPM: Data Privacy Management Made Simple

Customer data is vital to most businesses today. New regulations obligate enterprises to respect consumer data rights and empower consumers to make decisions on their data. As the laws evolve and become more stringent, many companies are forced to treat consumer data privacy as a priority. Apart from fines, enterprise reputation and trust are at stake. Further, new regulations charge DPOs with overseeing their organization’s data protection strategy and its implementation. These factors drive the need for a simple automated data privacy management solution.

CPM provides automatic consent management, empowering consumers to directly control their data privacy rights, as required by the new regulatory acts. The platform automatically allows them to control certain aspects and attributes of their data. On the other side, it relieves enterprises of the burden of allocating substantial resources to the collection, editing and deletion of data, saving time and money. This eliminates the existing manual request-response model and instead provides privacy management as a service to clients in real time.

Finally, consumers are asserting their data rights and valuing their data privacy to an unprecedented degree. They are demanding that their service providers give them access to their data and comply with privacy regulations. With state-of-the-art encryption and an immutable ledger for transaction validation, CPM assures the consumer that their data and their privacy have never been more secure. We help enterprises to build confidence and trust with their consumers and regulatory authorities. In this crucial moment, CPM provides an automatic, secure, and simple-to-use cloud-based data-privacy-management solution for the benefit of all stakeholders.