You are now a personal data guardian

Data controllers and processors are starting to realise one of the implications of GDPR (General Data Protection Regulation), is that your role as a data processor/controller has been enhanced to become a personal data guardian.

What is this personal data guardian role precisely? The premise is that now citizens/customers have new rights, specifically the right to know what personal data of theirs your organisation process’ along with a right to be forgotten. Which means that ownership of personal data is the individuals. Now you are humble custodian and guardian of this personal data whilst it is in your domain.

Organisation-wide impact

This change in responsibility for personal data has an impact across an organisation. As previously held norms no longer apply. Previous assumptions are no longer valid. In fact, trust is becoming ever more important. Brands wanting to differentiate are enabling customers full control over the personal data they choose to share.


The key word in GDPR is ‘Protection’. Organisations need to know what personal data is being processed, for which purpose. They also need to know where that data is being processed, who has access to this data and for what purpose are they using that data. The Privacy Impact Assessment - (aka the PIA) is the exercise that has captured this evidence. The PIA will become the foundation for your consent service.

Not Just a tech thing

Compliance, however, is not all about technology. It should be more about training, culture change, process change and a more transparent relationship with your customers. GDPR is actually a massive business opportunity. A chance to engage. A chance to build trust in your brand. A chance to have permission to know even more about your customer and therefore a better chance of making your customer happy at the same time as improving your operational effectiveness.

Direct Marketing needs a fix

Consent for direct marketing purposes is a must. The previous regime of web tracking, buying email lists and mass targeting is over. Now organisations need to get consent from their contacts/customers/users to engage in direct marketing.

More interestingly, the services and experiences that use personal data such as location, all require consent.

Even more interesting, is that people want to give their personal data to brands that they trust. Trusted brands have engaged and motivated customers which impacts the bottom line.

This is where Consentua comes into play. Consentua is a consent management tool.

Take your PIA output, plan the data purposes against the customer journey.
Consentua describes to the user very clearly what data is being used for what purpose. They can then choose to give consent or not. Simple to deploy, even easier to use.

Use your own CSS, add what else you need to the webSDK to present the most awesome consent interaction that will motivate your customers to trust you with their personal data.

Tell me more about Consentua

Consentua is made up of the following:

Consentua is a consent hub, allowing an organisation to have a single consent repository which they can choose to share internally and externally. The consent receipt is the audit point for GDPR consent compliance.

Consentua provides a really flexible consent service that puts you in control over the personal data being requested, at the same time as being transparent to the end user, whilst also giving the end user real choice and control over how their personal data is used. This builds trust and allows an organisation to grow their scope of purpose for the different types of personal data being used.

To know more about consentua, go to

Chris Cooper

Co-creator of Consentua our new GDPR consent service. Principal of KnowNowCities SmartCities experts. Chief innovator & co-founder of KnowNow Information.

Share This