Success Story

Banking Group: Consumer Data Protection


Ataccama implemented centralized consent management and authorization for the bank’s customer data, making it clear to all group members and departments which data could be legally used for which purposes and laying the foundation for the group’s compliance with GDPR legislation. The solution design allowed for extension to future data privacy and protection regulations such as CCPA.

Business objective and solution

  1. Build a customer data integration hub that is modern, robust, scalable, and fully operational, and which can consolidate and provide customer data across the bank and all daughter companies.
  2. Incorporate regulatory and legislative rules and constraints into their data hub to ensure all data is accessed, shared, and processed in accordance with internal directives and European law.

Ataccama’s solution targeted four company goals:

  • Mitigate any reputational risks associated with processing personal data
  • Implement accurately-targeted marketing campaigns
  • Improve data quality as a whole and enable more informed business decisions
  • Lay the foundation for future regulatory compliance

Implementing the solution for the banking group was especially complex, given that it needed to be done across an entire group of companies that shared data. We were able to determine precisely which companies in the group could use which data and for which specific purposes, and make this information clear to all data users group-wide. We successfully translated laws and regulations into easily understood data management rules, and incorporated all consent data, customer data, and regulatory and legislative rules into our wider MDM-based solution.

Preparing for Personal Data Regulation with Ataccama

Ataccama’s approach to individual rights management on the data level covers:

  • Consent management: Determining (for every individual) which consumer data must be excluded from the personal information sales process (opt-out) and which personal information on minors can be included in that process (opt-in) based on a provable, affirmative authorization from minors or their guardians.
  • Data lineage: Tracking the origin, processing, and providing personal information-related data. Data lineage provides input for individual rights requirements on access and disclosures about personal information sharing or sales.
  • Master Data Management (MDM): Mastering and centralizing key data assets, including party (consumer), product, and reference data associated with related business processes. In terms of CCPA, MDM serves as a central point of access to all personal information related to uniquely identifiable consumer identities. An MDM-based CCPA solution naturally supports transparency and individual rights management consistency.
  • Consumer privacy-specific metadata management: Personal information classification, localization, including personal data inventory creation & maintenance.
  • Data portability: On-demand provision of personal information-related specific data elements in a readily transferable electronic format.
  • Deletion: Centrally controlled personal information-related data deletion in all relevant systems and data storages.

Ataccama has the experience and technical know-how to translate law and regulation into a comprehensive data solution.

Get in compliance with CCPA

Reach out to learn how we can bring your company into CCPA compliance with a consent management, data lineage, and master data management solution.