Evelina Georgieva, Pryv: “investing in data privacy is not only about fulfilling a requirement to achieve compliance”

Today, everyone leaves a digital footprint on the Internet. Whether it’s when you visit a daily newspaper website or when you make online banking transactions. Unfortunately, not all companies put their primary focus on data privacy and that leaves enormous amounts of sensitive information at risk.

It’s essential that businesses would start seeing data privacy as an essential part of building trust and brand reputation rather than a tick-box to achieve compliance. 

So Cybernews invited Evelina Georgieva, the Co-Founder and Business Development Officer at Pryv, to discuss about modern personal data management solutions and how they can empower forward-looking companies.

How did the idea of Pryv originate? What has your journey been like?

Pryv is a blend of ideas initiated more than 10 years ago. While overcoming leukemia, Pierre-Mikael got inspired to develop a solution that will empower patients to stay away from the hospital but still receive crucial monitoring and care remotely. At the same time, Frederic was eager to create a B2C digital place, Facebook-like but with privacy at focus to empower users to master their data sharing and protect their data ownership rights. Simon brought his digital ethics and privacy vision. I (Evelina) joined them when we pivoted from the B2C concept to create Pryv B2B as you know it today: a trusted software vendor of privacy and personal data management solutions. 

Can you introduce us to your personal data management software? What are its key features?

We help organizations manage personal data from creation to use, sharing and disposal. Following the privacy engineering approach, we support our client’s IT teams to ensure that their data privacy compliance is done right: from the very early architecture design to the introduction of data-driven business models. We help them not only accelerate time to market but also cut IT development costs and speed up data utility and scalability across legal jurisdictions, such as the GDPR and industry-specific regulations.

Since 2015, we license our Pryv.io software which is used as a solid foundation to boost the development efforts of “integrated teams” of IT engineers, legal and business experts. The Pryv.io middleware acts as a “plumbing system” which ensures their digital platform has its best chances to engage customers and drive business values – covering the entire data lifecycle and the data privacy aspects.

Among the bestseller features are the dynamic consent, extensible data model, decentralized storage for scalability, and data mapping for automatic integration with existing warehouses.

In your opinion, what data privacy issues should more people be concerned about?

It is yet not clear enough that privacy and security are different. Unlike security, which nowadays is well understood by almost anyone, data privacy is still unclear. Privacy can be translated in different ways and have different meanings. While some will correlate it with limiting access to data, others, like us at Pryv, will look at data privacy as a tool to unlock data values. For us, privacy is not secrecy, but the ability of individuals to use their data, act on their rights and give informed consent for the rightful processing of this data. Thus, each stakeholder can win more from the unlimited power that personal and contextualized data can bring.

My message to the users will be first to decide what privacy means to them and then take decisions and measure risks versus opportunities.

How do you think the recent global events affected your field of work?

The effect of the Covid pandemic, the growing power of information war, the upscaling Digital Democracy, and the rapidly changing Data Protection Regulations on a global scale, just to name a few, have been undoubtedly an eye-opening momentum for any forward-looking business. It became apparent that investing in data privacy is not only about fulfilling a requirement to achieve compliance but an imperative to build trust, protect brand reputation, and develop new revenue streams. 

Some experts believe that keeping up to date with data privacy trends and requirements could even be the selling point for customers. Can you share some tips for businesses looking to update their privacy policy? 

We believe that personal data aggregation, sharing, and processing should be as effective, secure, and trustworthy as online banking. This is a must-have to empower the user to understand the value of the data, how to manage and control it, and promote trust and engagement. 

In this new paradigm, privacy is not a compliance tick-box but an opportunity to break data silos, differentiate products, and services and attract end-users with trust, transparency, and empowerment. 

We advise our customers to embed privacy-DNA in any process of their organizations, early in the development phase, ensure cross-functional team and privacy-engineering capabilities and thus guarantee they can deliver competitive user-attracting services and open up new horizons for achieving high ROI in a short period and overtime.

What dangers can customers be exposed to if a company they trust struggles to ensure compliance? 

Besides the obvious non-compliance and loss of brand reputation and trust, for many businesses, a data protection breach will mean a loss of business that could be as strong as pushing the business to bankruptcy.

For users, understanding the trusted brand lacks privacy compliance might result in disappointment and disengagement, as well as pushing the individuals to act on their data rights (where is my data stored, prove me you have my consent and what so for, provide an audit on the data interactions, etc.) Incapacity to deliver will again result in impressively huge fines and serious business consequences.  

What are some of the worst mistakes companies tend to make when it comes to handling large amounts of customer data?

The biggest mistakes in my opinion are the following:

• Undervaluing the importance and impact data privacy has on their business
• Misunderstanding the data privacy principles
• Non-differentiating data privacy and security
• Not being able to identify data categories correctly
• Lacking efficient data governance strategy
• Implementing “bolt-on” patching solutions
• Missing the right team expertise

Talking about individuals, what actions should average Internet users take to protect their personal data online? 

Before taking action, we advise users to be informed about the data privacy rights they have and then to act on them. 

Share with us, what’s next for Pryv?  

We have recently introduced a powerful extension of our services by teaming up with OpenWT. As part of Pryv corporate development and pivotal time of growth, Pryv continues its full operations, focused on delivering licenses of its proprietary Pryv.io software, while data privacy consultancy services will be carried out by the OpenWT Data Privacy Excellence Practice.

About Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives. The CyberNews Investigation team uses white-hat hacking techniques to find and safely disclose cybersecurity threats and vulnerabilities across the online world. Leaks of users’ personal information? Security flaws in enterprises? Exchanges of sensitive data on the dark web? They’re on it. The CyberNews Editorial team provides cybersecurity-related news, analysis, and opinions by industry insiders. They are working independently and transparently following our Editorial guidelines.

The post Evelina Georgieva, Pryv: “investing in data privacy is not only about fulfilling a requirement to achieve compliance” appeared first on Pryv.

Lausanne, Switzerland – October 6^th, 2020

Two leading Swiss providers of privacy and security solutions, Pryv and CYSEC, announce a strategic collaboration focused on integrating their products: the personal data & consent management middleware Pryv.io and the confidential computing solution ARCA from CYSEC. The two Swiss trust-tech companies are jointly pursuing strategic opportunities as part of their growth strategies.

Businesses operating in highly regulated markets such as healthcare, insurtech, mobility and fintech collect, use, and store sensitive personal data at scale. They must therefore adopt the highest privacy and security standards to ensure that data remains protected throughout the full lifecycle and across all three states of data: data at rest, in transit and in use. The need for secure data management has spawned a new era of data protection and privacy regulation and practices including: GDPR; Swiss DPA; CCPA, PIPEDA. And more stringent regulation will follow.

Organizations face regulatory constraints at many stages of software design and must make decisions on how best to manage access control rights, provide data auditing capabilities and store / host data.  As more organisations and entire industries embrace the collection of personal data and its processing, they too will become subject to highly stringent regulations.

While the collection and use of personal data has become increasingly mainstream, only few organisations have invested in reliable data management and storage solutions that provide the necessary security and privacy. Most organisations remain without protection. The risk is not only a potential fine of 20M EUR or more, but also losing the trust of users. Once lost, user trust and an organisations reputation are very hard to regain. To avoid this, it is imperative to work with the right privacy and security tools.

The Pryv.io Personal Data & Privacy Management Software allows businesses to build digital solutions that can collect, store, share and rightfully use personal data. It comes with must-have consent and auditing tools to keep the clients compliant with existing and forthcoming regulations.

The ARCA solution leverages certified hardware to secure data in use, enabling sensitive data to be processed inside a trusted execution environment. In this way, data can be processed without exposing it to the rest of the system, reducing exposure of sensitive data and providing greater control and transparency for users. Its main advantage is the ease of integration as it is compatible with modern virtualization tools that software developers use, including Docker, Kubernetes, VMWare. The solution can be deployed in centralized, decentralized and distributed architectures.

Pierre-Mikael Legris, CEO at Pryv SA said: “By combining ARCA and Pryv.io, companies will blend best of breed security and privacy- by-design technologies for their backend and enhance trust for their customers.”

Florian Wiedmann, Secure Analytics Manager at CYSEC commented: “Organisations looking to comply with increasingly stringent data regulation require a one-stop solution for all their data security and management needs. Teaming up with Pryv will allow us to achieve this goal: A solution that offers both security and critical data management tools to allow organisations to achieve compliance easily.”

Trust is critical for companies that manage personal data. Combining ARCA’s security and Pryv.io’s privacy by design technology provide a robust, secure and consent-based backend to achieve trust. The integration of Pryv.io and ARCA provides businesses with an easy to deploy solution to collect, structure, share, use and store personal and sensitive data without compromising on security and compliance. ARCA and Pryv.io are further integrated with TAK by Build38.

About Pryv

Pryv makes essential software for data-driven healthcare innovation. Our purpose-built middleware helps organizations manage personal data from creation to use, sharing and disposal. We accelerate time to market, cut IT development costs and speed up connectivity to all data sources. Pryv addresses the enhanced citizen’s right under GDPR and turns privacy compliance into a competitive advantage. For more information, please visit pryv.gihub.io/www

About CYSEC

CYSEC SA is a cybersecurity company based at the EPFL Innovation Park in Lausanne, Switzerland, whose mission is to shorten the time-to-market of innovative services by facilitating their integration into a secured IT environment. To achieve its mission, CYSEC developed a general-purpose security platform called ARCA able to store data and execute applications in a Trusted Environment. By lowering down the barriers to protect data and software, CYSEC enables its customers to benefit from a whole new level of flexibility and agility which is a game-changer today considering the fast-pace at which security and business requirements evolve. CYSEC focuses on the provision of its cybersecurity solutions in four vertical sectors, namely financial services, IoT, space and telecoms. For more information, please visit www.cysec.systems

  Media Contacts

CYSEC SA

Florian Wiedmann

Secure Analytics Manager

florian.wiedmann@cysec.systems

Pryv SA

Evelina Georgieva

CBDO & Co-founder

The post Pryv and CYSEC launch an integrated solution for collection and confidential computing of personal data at scale appeared first on Pryv.

A ready-to-use data management solution to achieve GDPR compliance and meet health data hosting requirements. 
Companies willing to collect and use personal health data can now benefit from a complete, ready-to-use, and scalable solution, offered by Euris Health Cloud® (health data hosting) and Pryv (personal data and privacy compliance middleware). In Europe, the solution combines a certified HDS (*) hosting offer for security and a personal healthcare data management service for privacy, allowing e-health actors to rigorously manage personal health data and quickly create applications that respect the rights of the patient at an attractive cost.

”Contrary to what companies may believe, the HDS Certification of their hosting provider in no way implies their compliance with the GDPR. All it tells them is that their host offers sufficient data protection guarantees.” says Pierre-Mikael Legris, CEO at Pryv “The complementarity of HDS hosting and GDPR compliance solutions is perfectly illustrated by our partnership with Euris.”

 

“Combining our expertise with Pryv knowledge and Pryv.io capabilities, we provide a unique and proven off-the-shelf solution that allows companies to achieve an optimal data management and protection solution globally through a new bundle offer for startups and innovative e-health projects.“ says Pedro Lucas, CEO at Euris Health Cloud®.

With the offerings Cloud Santé® PRIVACY and Cloud Santé® PRIVACY STARTUP by Euris and Pryv, companies operating in Europe can now meet both French HDS and EU GDPR requirements with no expertise required on their part, allowing them to focus on their core business and increase user engagement through trust and transparency.

About Euris Health Cloud®: www.euris.com

Euris Health Cloud® is a connected healthcare operator, specialized in the hosting of healthcare data. Euris Health Cloud® provides a global hosting infrastructure for personal health data, in compliance with local regulations: EU (HDS: 2018 &ISO 27001 2013), US (HIPAA), China (CSL).

Thanks to a unique marketplace model, Euris Health Cloud® also offers a complete range of interoperable services and solutions, facilitating the deployment of e-health projects: strong authentication, drive, archiving, backup, anonymization, Big Data, Business Intelligence, IoT, telemedicine, CRM, PRM and Healthcare Data Warehouse.

About Pryv: pryv.gihub.io/www

Pryv.io is an extensible personal data lifecycle management platform specifically engineered to empower developers to rapidly create and scale breakthrough GDPR and HIPAA compliant products, services, and experiences. The software has been developed to accommodate rapid integration. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management, and comprehensive auditing capability that radically cut IT development costs and accelerate time-to-benefit while addressing the most stringent data protection requirements.

(*) Certified HDS: « Hébergement de Données de Santé » (French Health Data Hosting certification based on ISO 27001 standard and GDPR regulation)

The post Euris and Pryv simplify personal data management: A ready-to-use solution to meet GDPR and Health Data Hosting requirements. appeared first on Pryv.

Security with app hardening and privacy-by-design backend are a top priority for Digital Health Providers

Fraud, privacy violations, cyberattacks, unauthorized data collection, outlaw processing, and hacking of connected medical devices and mobile applications are just a few of the threats arising from the digitalization of the healthcare industry. A hack, that can be disastrous for individuals, is just as harmful for businesses, who will face regulatory fines and damage to their reputation. Such threats can be minimized by implementing adequate privacy and security measures right from the very start. Protecting digital channels is invaluable on many levels, saves lives and prevents significant financial losses.

“Smartphones and tablets are the primary access point for both our personal and work life, and a valuable target for attackers,” said Dr. Christian Schlaeger, Build38 CEO. “Business agility provided by mobile devices will continue to drive adoption in the mobile health sector, even more now with the announced DiGA initiative of the German government. Build38 and Pryv empower businesses to embrace the productivity benefits of mobile devices while addressing the security and privacy risks.”

“Developing the privacy and security layers of Digital Health applications is a highly demanding task, yet essential to gain users trust and achieve compliance.” said Pierre-Mikael Legris, CEO at Pryv “This partnership is a game changer for digital health innovation. It provides digital health innovators with a rigorously tested off-the-shelf solution, allowing them to easily and rapidly develop trustworthy and scalable products.”

The offering by Pryv and Build38 foster compliance with the most stringent existing and forthcoming data protection and cybersecurity regulations. No dedicated security knowledge or privacy-expertise is required by development teams. Companies can focus on their core competency, while de-risking security and privacy compliance, winning time-to-market and fostering user-engagement through trust and transparency.

About Build38:

Build38 is a global provider of mobile application protection solutions. Its Trusted Application Kit (T.A.K) solution combines AI-platform and strongest app shielding technology which protects B2B and B2C mobile channels from fraud and reduces your compliance risk exposure. It also enables new use cases and opens the market for new digital business models. Build38 protects applications across various industries including automotive, financial, public transport and health care. Build38 is headquartered in Munich with global offices in Barcelona and Singapore.

www.build38.com

About Pryv SA:

Pryv makes health personal data processing as secure and trustworthy as online banking.

Pryv.io is a solid foundation on which you build your own digital health solution, so you can collect, store, share and rightfully use personal data. It comes with must-have consent and auditing tools to keep you compliant with existing and forthcoming regulations. The software has been developed to accommodate rapid integration, allowing you to properly manage your users’ data from day one. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management, and comprehensive auditing capability that radically cut IT risk, development costs and accelerate time-to-benefit while addressing the GDPR and the most stringent data protection requirements.

pryv.gihub.io/www

The post Build38 and Pryv Team Up to Simplify Mobile Security and Privacy for Digital Health Companies appeared first on Pryv.

Lausanne, June 26th, 2018 — Pryv, the leading provider of privacy and personal data management software, today announced a partnership with Net4all which will give Swiss startups and SMEs access to a secure, compliant and fully managed cloud hosting solution for Pryv.io. This partnership will ensure that sensitive personal data is duly managed thru its lifecycle and kept completely secure under the stringent standards of the Swiss LDP and GDPR legislation. Net4All, one of the top hosting providers in Switzerland, is specialized in Web Hosting, Managed Services and Cyber Security for information systems and digital platforms. The company is ISO 27001 compliant.

“With Pryv.io on a managed cloud, customers get up and running quickly, with enterprise class operational support and proactive monitoring” says Anthony Gerard, CEO at Net4all.

“This way, in-house SME teams can focus on innovation and getting out to market quickly while Pryv and Net4all deliver core privacy functionalities as a service”

Managing privacy can be a costly capital expense that requires skilled resources to operate and maintain business applications in a secure and reliable manner. By hosting Pryv.io within Net4all world-class data centers and leveraging their expert management services, startups and SMEs gets the best of both worlds – rigorous privacy preserving capability at reduced operational costs, greater performance and reliability.

“Today, we are seeing more than three-quarters of startup customers ask about managed cloud hosting” says Pierre-Mikael Legris, CEO at Pryv. “As that deployment model becomes the norm, we are now ready to enable our customers to move to the cloud with confidence, fast, and leveraging the highest standards of reliability, security, and scalability.”

Through this trusted partnership, hosted customers receive the following benefits:

• A secure hosted environment that best suits their needs, with 24/7/365 support
• Full ownership of the data and retention of the software rights
• Custom tailored backup and data retention policy
• Ability to customize their application and still remain in the cloud
• Receive software updates and services packs at no additional charge.  

Net4all and Pryv will offer four managed hosting packages with varied levels of support, beginning from a “get started” offering for POCs to a premium Platinum Package for large scale, mission critical environments. The Pryv and Net4all team will sit down with you for consultation to assess your needs and the level of support needed.  

The post Pryv partners with Net4all to launch a managed hosting solution for privacy and personal data management appeared first on Pryv.