Why does anyone need consent management software?

TL;DR - make more money by improving trust between you and your customers

blogpost hero image of a pen on a piece of paper

People ask me “why does anyone need consent management? Aren’t there other, more applicable legal bases for the processing of personal data?”

In many cases this is true. Consent should often be used as the basis of last resort. However, when no other legal basis is available; there is no legitimate interest or regulatory need for data processing, for example; consent is often the best way forward.

The experience of working with large enterprise, government and even smaller organisations such as schools is that consent is still required in numerous circumstances - even where the organisation is specifically referred to within the GDPR.

A schoolchild sat at their desk, looking wistfully out of the window One example would be schools. The activities required for education of their pupils are not applicable to GDPR. Schools do, however, carry out many activities that are considered non-essential for the delivery of education to their students.

This will include use of the student photo for marketing purposes, permission to attend a school trip, permission to take part in extra-curricular sports and many more. Some of the education establishments our associates have worked with have, through their Privacy Impact Assessment, identified dozens of cases where consent may be the best legal basis.

Similarly, commercial organisations are often able to rely on a contractual basis for the use and retention of personal information. Sometimes however, this data is required for purposes that extend beyond the strict definitions within the contract and, again, consent is often identified as the appropriate basis.

Consent management increases trust by providing choice and control.

A consent management tool enables an organisation to record the consent interactions that they have with their customers, employees and users. It allows those customers, employees and users to choose what they consent to, what purposes they accept and to control access to their personal data.

We all see consent slips on the bottom of contracts, at the t’s and c’s page of a website or even on the request slip for a child to attend trips with their school. There are some occasions where these consent requests are inappropriate. If you don’t have any real choice about whether you should consent, for example, then consent should not be used as the legal basis for data processing.

Once the consent requests and, crucially, the purposes for the requests have been defined by the organisation, the customer can make an informed decision whether to grant consent. Ideally, that consent is then recorded and a consent receipt is issued that is interoperable with other consent systems.

The record of consent is then able to be queried whenever that personal information is used. This means that the customer experience is improved and trust is created between the organisation and the customer.

It is this increase in trust that is the key benefit of GDPR. There is evidence that a lack of trust in use of personal data severely affects revenues and/or service levels. Maintaining or even improving this trust should have a positive effect on organisations.

How can I prepare?

Your organisation will likely conduct a privacy impact assessment (PIA). This can be completed in conjunction with your data protection officer, or by using a consultant data privacy expert. It enables you to identify the personal information requirements and the appropriate legal basis for recording or processing that information.

If consent is one of the bases you will use then the PIA should identify the consent requests you will need to make. You need to clearly define your data types & ensure that the purposes are clearly defined. This is your consent request.

Together, the consent requests and the purposes for making the requests are pre-requisites for a successful adoption of consent management software. You may also want to think about where in your customer’s interactions you will be asking for consent. Will you need to integrate with other 3rd party software?

For example, if you use a CRM system to manage your customer data, do you need that system to query whether you can record certain information about your customer? Do you need to consult the consent record before sending out marketing material?

Consent tickboxes and the Consentua logo Our own tool is called Consentua. It is available now and ready to be deployed for your organisation today.

Send me an email at [email protected] if you want to see how Consentua can help you to improve trust with your customers.

Why you Need Consent in the Digital Economy. It enables Trust.

Lets face it we have grown used to organisations sending us unsolicited material and even though we as consumers are sometimes frustrated by old adverts chasing your business just because you once went to look at booking.com, the fact is the internet is not on your side as a consumer. Until now that is, with GDPR now coming into force consumers finally have an opportunity for a more level playing field.

What has been interesting to observe is that those in the technology industry seem to be taking a very conservative stance on managing this new regulatory regime.

The realisation that GDPR is coming is dawning on more and more business’. GDPR will be a challenge as well as an opportunity. The challenge is that data protection in the business is now serious due to the penalties involved (4% of global turnover) it therefore demands attention. The second challenge is time. GDPR comes into force on May 25th 2018. This means the panic button should not be hit just yet, but time will fly. Start planning now.

The opportunity is huge though. Firstly adherence to GDPR will improve your knowledge and understanding of your customers. Which can only be a good thing. This improved knowledge will increase trust. Which should lead to happier, sticker customers and more business for you.

The market today is seeing potential customers declining signing up for services due to the often binary terms and conditions requested. This is leading to lost business. Therefore, the opportunity for different levels of service quality related to the amount of personal data obtained from a customer will encourage more users to sign up; help retain these customers and also allow organisations to offer that bespoke very personal service that trusted brands can then exploit.

Overall GDPR will help reduce risk and exposure to your business. This is critical as more and more activity in the marketplace is digitally driven. In short GDPR if implemented right will improve operational efficiency and increase profit.

But What do I do Now?

Do not panic. This is because Consentua can help. Consentua does one thing very well, it captures consent from the data subject/user.

Consentua is a lightweight low impact API. This will enable quick and easy install into any business operation. This new service is available today and all it requires to start working is firstly a conversation about your consent requirements. Secondly, taking the output from the privacy impact assessment (PIA) that will be conducted as part of the GDPR preparations to build your unique consent management service.

Consentua encourages organisations to have different levels of service quality related to the amount personal data being consumed and processed by your organisation. Consentua captures the consent and stores it as a consent receipt. This then allows any organisation granted access to this consent receipt to have the record of consent that GDPR is now demanding.

This means it will facilitate an improvement in trust between the data subject and your organisation too. As well as improving operational efficiency and reducing risk to your organisation too.

How do I get Consentua?

Simple.
Go to consentua.com to learn more.
Contact the team at [email protected] Start preparing your consent template Install the API so it works with your enterprise/business systems. Consentua requires a common user id so it will work with your systems. Consentua does not hold any user data other than this ID. Start using Consentua!