Cmacc - GDPR server EN - 20170606

CMACC SERVER – A CONTRACT SERVER FOR GDPR

Cmacc Transact  Marc Dangeard ◦ Engineering (Supaéro) and Business (HEC) background ◦ Entrepreneur (25 years in Silicon Valley) ◦ Oracle, Sony, many startups  Cmacc Transact ◦ Created in 2016 to do a POC with Caisse des Dépôts ◦ Cmacc language/server, based on CommonAccord CMACC SERVER - MAY 2017 2

Personal data from the very first interacCon Paul visits MyCorp website Paul agree to Terms of Use (without reading) What happens next? What data is collected? How? Where is it stored? How long is it kept? Who has access? CMACC SERVER - MAY 2017 3

Data in the enterprise: many silos Louis prepares a Terms of Bernard uploads the Jeanne sends marke\ng Marie ships products Pierre collects payments Use document document on the website emails LEGAL IT MARKETING BACK OFFICE COMPTA MS Word document in Cookies Email campaigns + CRM ERP + Shipping so^ware Financial system a folder DPO ? Many silos, coordinated around linear processes No easy data privacy management CMACC SERVER - MAY 2017 4

GDPR – May 25th, 2018 Informed consent Access to data, right to be forgoaen Portability ◦  Structured format, data transferred directly from one processor to the other if possible ◦  To make it easy to switch service providers Privacy by design / by default Culture, process, but also tools to: ◦  Inform users of their rights ◦  Manage these rights (access, changes, right to be forgoaen) ◦  Renew consents as needed CMACC SERVER - MAY 2017 5

What is GDPR was an opportunity to re-focus the enterprise around data? CMACC SERVER - MAY 2017 6

What if the DPO could manage all enterprise data with a simple tool? CMACC SERVER - MAY 2017 7

Contract server VS Code plugin Web page genera\on Contract server Private prose objects Data binding PDF genera\on Prose objects Open source prose objects •  API for custom UI •  API for Contract Lifecycle management •  API for Smart Contracts AI capture CMACC SERVER - MAY 2017 8

Benefits (GDPR)  Manage Terms of Use templates  Mul\-juridic\ons  Mul\-lingual  Manage User Informa\on no\ces  Manage all contracts that are impacted by GDPR (BCR, sub-contractors, etc.)  Manage related visual interfaces CMACC SERVER - MAY 2017 9

An improved user experience Paul visits MyCorp website He gives an informed consent, thanks to the visual clues provided on top of the consent form Paul MyCorp object object Terms of Use source: Disconnect Privacy Icons server via Legaltechdesign.com CMACC SERVER - MAY 2017 10

An architecture for GDPR DPO LEGAL Terms Paul of Use MyCorp object object object Sales contract object Group Users objects objects database Prose Objects Data Store database Partners Management of consents objects and other contracts CMACC SERVER - MAY 2017 11

A “data store” to manage all data Louis prepares a Terms of Bernard uploads the Jeanne sends marke\ng Marie ships products Pierre collects payments Use document document on the website emails LEGAL IT MARKETING BACK OFFICE COMPTA Cmacc prose objects Cookies Email marke\ng + CRM ERP + Shipping so^ware Financial system Manage easily updates resul\ng Consents are captured from Users can easily change Sales contracts with Delivery receipts, Invoices, 1 2 3 4 5 6 from changes in internal policy the website and due their choices, update payment and shipping no\ces of claim, Statements or changes in the law process can be their consent or the informa\on etc… documented related data) A system to manage all data, including UI for the users to access their data, and for the DPO to have Contracts server + Data Store DPO a view of how data is collected and managed CMACC SERVER - MAY 2017 12

From compliance to business opportunity COMPLIANCE OPPORTUNITY A system to manage data privacy, including: •  A data store as the one source of truth for user data •  Manage users rela\onships within the enterprise •  Build tools to collected an informed consent, with •  This data store used internally can be opened with an visual clues and ability to manage data privacy rights API to become a data store for end users •  Build tools to collect consent for minors •  API and autoriza\on management so that the next •  Manage all contracts impacted by GDPR \me a user wants to purchase from Amazon.com, she can provide a link to the data store rather than having to provide personal informa\on directly. CMACC SERVER - MAY 2017 13

Cmacc server – a contract server for GDPR Contract server Data binding Prose objects Cmacc Transact Ÿ HEC Paris Ÿ Supaéro [email protected] + 33 (7) 68 11 23 25  Manage Terms of Use templates  Manage User Informa\on no\ces  Manage all contracts that are impacted by GDPR  Manage related visual interfaces CMACC SERVER - MAY 2017 14