You are now a personal data guardian

Data controllers and processors are starting to realise one of the implications of GDPR (General Data Protection Regulation), is that your role as a data processor/controller has been enhanced to become a personal data guardian.

What is this personal data guardian role precisely? The premise is that now citizens/customers have new rights, specifically the right to know what personal data of theirs your organisation process’ along with a right to be forgotten. Which means that ownership of personal data is the individuals. Now you are humble custodian and guardian of this personal data whilst it is in your domain.

Organisation-wide impact

This change in responsibility for personal data has an impact across an organisation. As previously held norms no longer apply. Previous assumptions are no longer valid. In fact, trust is becoming ever more important. Brands wanting to differentiate are enabling customers full control over the personal data they choose to share.


The key word in GDPR is ‘Protection’. Organisations need to know what personal data is being processed, for which purpose. They also need to know where that data is being processed, who has access to this data and for what purpose are they using that data. The Privacy Impact Assessment - (aka the PIA) is the exercise that has captured this evidence. The PIA will become the foundation for your consent service.

Not Just a tech thing

Compliance, however, is not all about technology. It should be more about training, culture change, process change and a more transparent relationship with your customers. GDPR is actually a massive business opportunity. A chance to engage. A chance to build trust in your brand. A chance to have permission to know even more about your customer and therefore a better chance of making your customer happy at the same time as improving your operational effectiveness.

Direct Marketing needs a fix

Consent for direct marketing purposes is a must. The previous regime of web tracking, buying email lists and mass targeting is over. Now organisations need to get consent from their contacts/customers/users to engage in direct marketing.

More interestingly, the services and experiences that use personal data such as location, all require consent.

Even more interesting, is that people want to give their personal data to brands that they trust. Trusted brands have engaged and motivated customers which impacts the bottom line.

This is where Consentua comes into play. Consentua is a consent management tool.

Take your PIA output, plan the data purposes against the customer journey.
Consentua describes to the user very clearly what data is being used for what purpose. They can then choose to give consent or not. Simple to deploy, even easier to use.

Use your own CSS, add what else you need to the webSDK to present the most awesome consent interaction that will motivate your customers to trust you with their personal data.

Tell me more about Consentua

Consentua is made up of the following:

  • An easy to use framework accessible via a dashboard, used for the creation of your own consent templates, accessing your dedicated & secure client consent service(s).
  • This connects to a secure, highly available data repository which stores your user’s consent receipts.
  • The user interacts with the API via a series of SDKs available for iOS/Android/Web.

Consentua is a consent hub, allowing an organisation to have a single consent repository which they can choose to share internally and externally. The consent receipt is the audit point for GDPR consent compliance.

Consentua provides a really flexible consent service that puts you in control over the personal data being requested, at the same time as being transparent to the end user, whilst also giving the end user real choice and control over how their personal data is used. This builds trust and allows an organisation to grow their scope of purpose for the different types of personal data being used.

To know more about consentua, go to

Why GDPR is good for the business of consent

Thing is, now with GDPR with us, more and more organisations are realising that the sticking plasters now need a more permanent fix. Aligned with a regulatory need to have consent is a fundamental business need to.

Driven by two factors. Firstly customers are demanding more control over who gets to process their personal data. Secondly, customers are demanding more personalisation and value from brands they trust.

Let us check that Consentua and GDPR are compatible.

GDPR and Consentua

There are 7 principles to GDPR that any consent management platform needs to take into account.

The GDPR sets out seven key principles:

Lawfulness, fairness and transparency.
Consentua clearly sets out in a transparent nature and articulates the service provided for the exchange of personal data
Purpose limitation.
Purposes are central to what Consentua describes and captures the consent of.
Data minimisation.
No personal data is ever processed by Consentua. Thus minimising data processed.
Consentua records and timestamps what purpose has been consented to and when this consent was granted.
Storage limitation.
Only the consent identifier and purpose details are recorded. No personal data is processed by Consentua
Integrity and confidentiality (security)
Secure access to the Consentua dashboard. Only assigned admins can view their organisation's consent services.
No personal data stored in Consentua, so it is not possible for Consentua to link a known individual to a consent record.
Each consent service is unique to a client.
Each consent receipt is unique to a customer/user.

Looks like a resounding yes. GDPR and Consentua are good together.

Choice and Control

Business is having to deal with what are actually common objectives and requirements when it comes to consent. The first, partly due to GDPR having given the consumer/customer/citizen some teeth, they are now demanding more control over their personal data.

The second is the business/brand wants to differentiate and offer customers that control. This user delegated control breeds or reinforces trust in the brand.

Consumers want to trust brands. So anything that leads to both control, choice and trust will be embraced. This embracing leads to more business.