18 Nov 2017
I need a way to manage consent to meet GDPR.
The easiest way to manage consent is to deploy a tool which simply records and helps you to manage your consent requirements and your customer’s consent decisions. Consentua is one such tool, a lightweight low impact API. It gives users choice and control over what happens to their personal data.
You can also consider a more complex, feature rich Personal Information Manager that will own your and your customer’s personal data interactions. This tool would become your golden record of identity. It would capture and manage consent for that users identity.
Consentua V Competitors.
The table below is a comparison of Consentua versus a PIM based approach to managing user consent.
|
Criteria
|
Personal Information Manager - handling consent
|
Consentua - handling consent
|
Consentua Comment
|
|
Can I use an anonymous identifier.
|
No
|
Yes
|
Consentua just needs a common identifier with those systems it is capturing and storing consent for. No personal data required so less risk, cost and faster.
|
|
Cloud / SaaS
|
Yes
|
Yes
|
Secure, redundant, resilient cloud infrastructure provided by Azure and BlueMix.
|
|
Secure
|
Yes
|
Yes
|
Unique token accessed URI per Consentua client and user. Encrypted data exchange.
|
|
Less than an hour to install?
|
No
|
Yes
|
Quick to set up. Easy to use. Scalable across an organisation.
|
|
Freemium
|
No
|
Yes
|
Try before you buy Consentua.
|
|
By Interaction Charging Model
|
No
|
Yes
|
Consentua use is linked to user value generated. Not that you are simply a member of the club,
|
|
Predictable Costs
|
Yes
|
Yes
|
Can cap or even predict amount of interactions, based on experience & trial period. Purchase suitable ‘bucket’ of consent interactions in advance.
|
|
Licence version
|
Yes
|
Yes
|
Consentua is available under licence
|
|
White Label
|
No
|
Yes
|
Your brand, our brand. Your call.
|
|
Users are free?
|
No
|
Yes
|
User interactions and dashboards are free.
|
|
Enterprise Wide
|
Yes
|
Yes
|
As long as all user identifiers are common across an enterprise, Consentua can be THE consent service for that enterprise, (& beyond)
|
|
Multi Language
|
Yes
|
Yes
|
Consentua can handle the same consent framework across any language or jurisdiction.
|
|
Multiple Consents
|
No
|
Yes
|
Group consents allow consent across time, space, location or circumstance.
|
|
Standards Based
|
Some
|
Yes
|
Adhering to the Kantara Consent Receipt standard.
|
|
SDK
|
No
|
Yes
|
Drops into existing app (iOS & Android). Available as a plugin for 3rd party software soon.
|
|
Other GDPR Benefits
|
No
|
Yes
|
Ask Consentua and it can show which users have consented to what. From who needs to be forgotten to who wants the best possible service. All available within a few clicks.
|
|
Re-use your PIA?
|
No
|
Yes
|
Create your own consent template from the PIA along with your brand values and service needs. You are in control over the consent being requested.
|
|
Easy external Access
|
No
|
Yes
|
Just grant the external service an API URI and they can access your Consentua service.
|
|
Does the person who pays the bill have control?
|
No
|
Yes
|
Your admins have control over your consentua service. Creating templates, adding users, adding roles, adding consent services.
|
|
Collective Knowledge
|
No
|
Yes
|
Industry associations, trade groups, clusters of common consent can re-use consent templates. Facilities best practice.
|
|
Different levels of consent easily explained?
|
No
|
Yes
|
The quid pro quo explained. My data for this level of service. With all levels in between.
|
|
User Impact minimal
|
No
|
Yes
|
Consentua is intuitive, once a user is notified to go to their ‘new consent’ view they start interacting & set the the level of service to be received versus consent granted.
|
|
User Benefits of exchange personal data are clear
|
No
|
Yes
|
Consentua provides that clear, unambiguous, ongoing view of consent. Plus it explains what I get as a user from the data exchange.
|
|
Realtime
|
Not always
|
Yes
|
If the user changes their consent everyone can be told. But, the recommended use is to only check consent when required, (i.e. before a campaign, before an interaction).
|
|
Different Roles
|
No
|
Yes
|
Multiple roles can be created within a service, but 3 access privileges (SystemAdmin/ClientAdmin/ClientUser)
|
Bonus Benefits for using Consentua:
Consentua facilitates an improvement in trust between the data subject and your organisation.
Improves operational efficiency and reduces risk. Provides a single enterprise and organisation wide view of consent.
Establish your ‘Consentfulness’ score
Prepare for an AI driven world using the forthcoming Consentua bots.
Conclusion
The easiest way for 99% of organisations to quickly control the management of consent under GDPR is to use a purpose built consent manager such as Consentua. It is a flexible, secure and lightweight API solution. It encourages trust and improved customer service.
Deploying a whole PIM suite may be the right thing to do for some organisations but it is likely to be a more complex process for a less flexible long term solution. The reliance on using your user’s personal data also means there is risk of unauthorised access.
Consentua helps a DPO manage a single point of entry into your organisation to see who has consented to what. It helps your marketing team get closer to, and know more about, your cutstomers. It provides choice and control.
How do I get Consentua?
Simple.
Go to www.consentua.com to learn more.
Contact the team at [email protected]
Start preparing your consent template by taking the output from the privacy impact assessment (PIA) that will be conducted as part of the GDPR preparations to build your unique consent management service.
Install the API so it works with your enterprise/business systems. Consentua requires a common user id so it will work with your systems. Consentua does not hold any user data other than this ID.
Start using Consentua!
15 Nov 2017
The following white paper is a description of how Consentua is being used.
Three use cases are described. The first is where a consent capture is required as part of a customer re-validation process or acquiring a new customer contact. The second is using Consentua within an existing app. The third is where Consentua is being used by a platform as a white label consent management service.
Each will cover three elements:
- The reason for capturing consent
- The client integration story. Including how Consentua was integrated and the template used.
- Realised benefits.
1. Consent as part of the customer acquisition process
Reason for capturing consent.
GDPR demands that citizens give consent in certain scenarios. One of which is for direct marketing purposes, especially where your data will be shared with 3rd parties. Another is where for trust and brand reputation reasons a transparent and consented to use of personal data is desired.
The use case here is for a charity. They have a desire to capture consent from both existing and new supporters. For new supporters the consent is captured when they first sign up. For existing supporters the consent request is emailed and the subsequent consent interaction occurs on a customers view of their existing consent, which needs to be verified.
The charity has approximately 5000 contacts in their CRM database. The estimate is around 50,000 consent interactions. This will cost the charity $99 per year.
Client Integration Story
The charity are required to make a number of changes to use Consentua. The web component will be used. This is applied to the charities web site. The charity also needs to be able to process the consent data. This involves granting access to other systems to the charities client consent service. As well as making sure they only process based on the result returned from Consentua when queried.
Consentua uses the same identifier for a user as the requesting system asking for a view of that users consent. In this use case the supporters email address is used as the common identifier.
The other aspect is the consent template that the charity is requiring. Templates are really about scenarios and can be further broken down into purposes. This use case has only one purpose and a limited number of personal data types. This results in a binary consent, single purpose consent service.
Transaction Flow
Existing Supporter being emailed.
Step 1. Supporter is given a link via email - clicking on this link takes to the user to a consent screen - (which is a popup on the charities web site)
Step 2. Supporter can change email address or inherit one from email and then grant consent
Step 3. Consent popup sends the now agreed to consent request to Consentua. This creates a unique consent receipt per that user identifier
Step 4. Charity systems can ask Consentua via the API who has consented to what or what has this user consented too.
New Supporter
Step 1. Supporter goes to website - encouraged to provide some details - «>
Step 2. Consent screen pops up - capture email from user and get consent for personal data required
Step 3. As per above.
Benefits Realised
The charity were able to deploy Consentua with ease and have been able create consent receipts for all supporters both old and new. Total cost to the charity was $99, plus the internal effort of using the web component and querying the API via other systems - (estimate at 2 days development and testing time).
Total benefits:
GDPR compliant
Clear consent statement from supporters
Flexibility for future needs already built in.
2. Established mobile app
Reason for capturing consent
This particular application uses a number of personal data types in its operation. The app is available on both iOS and Android. The need to capture consent is because of the multiple purposes for which personal data is used. Due to a relatively high churn rate (20%) the data controller can never assume consent is granted at all times.
This app collects personal data on location, sentiment, age, gender and occupation. The data is shared with numerous parties, albeit in an anonymised form. The data is used to influence other outcomes and the results are displayed in a public place. Users are interacted with on a daily or at a minimum a weekly basis.
The app has a few thousand users, however the interaction count is very high. Therefore the cost to the customer is $899 per year for 500,000 consents.
Client Integration Story
The primary user interface is via a mobile. So a new app update is shipped with the Consentua SDK deployed in that update. When the user goes to the new consent view, which can be auto pop-up or via push notification they will start interacting with Consentua.
On the clients backend a new check is made prior to personal data processing to check Consentua that all users in scope are consenting to that interaction.
The consent template is broken into two categories, the first is realtime data and outcomes. The second is historical data used for analysis and prediction. The first is a linear purpose group the second is a binary purpose group.
Transaction Flow
Step 1. User receives notification to check consents
Step 2. Launches Consent view which kicks off a request to Consentua.
Step 3a. If a new user, Consentua creates them and awaits their saved consent settings.
Step 3b. If an existing user Consentua retrieves the last save consent setting and displays this.
Step 4. App management tool can now see who has consented to what via Consentua API.
Benefits Realised
The customer has a transparent description of how personal data is used and applied, which end users appreciate and trust. The enablement of the consent receipt for others to access has been of benefit from a later research perspective. As a new 3rd party could be added and the new consent request updated in realtime. With no further code updates or app releases required. This flexibility alone paid for Consentua.
Cost to this client: $899 for 500,000 consents per annum. Plus the internal effort of using the mobile app SDK’s and set up the querying job to the API for other systems - (estimate at 4 days development and testing time).
Total benefits:
GDPR compliance swiftly enabled
Quick & easy to deploy API & SDK
Clear & transparent consent statement from users builds trust.
Flexibility for future needs already built in.
Reason for capturing consent
This customer has a platform that supports many different other companies. These customers use this platform as a one stop shop for customer contact and engagement. These customers expect the platform to be GDPR ready.
The platform will be creating campaigns for direct marketing specific brands to certain audiences. Customer acquisition and personalisation are key to these brands so knowing customers better is a primary objective.
The personal data will be shared with 3rd parties, but the benefits the customer receives as a result need to transparently articulated. This build trust in these brands.
Client Integration Story
The platform systems integration team are using the web component and a dedicated set of consent templates. These are then assigned to a specific campaign, which is then emailed to customers/prospects.
Once the consent receipt for the user is safely stored in Consentua. The campaign management tools in the platform can now ask Consentua for details on which customers have consented to a particular campaign.
The consent template is relatively simple. With one purpose and two data types. This equates to a double binary consent template.
Transaction Flow
Existing Customer being emailed.
Step 1. Customer is given a link to a campaign via email - clicking on this link takes the user to a consent screen - (which is a popup on the campaign web site)
Step 2. Customer can then grant consent, as well as add additional data to their profile.
Step 3. Consent popup sends the now agreed to consent request to Consentua. This creates a unique consent receipt per that user identifier
Step 4. Campaign management tool on the platform can now ask Consentua via the API who has consented to what or what has this user consented too.
Benefits Realised
Multiple. From the platforms perspective they have a fast path ready made consent service running under their brand. Their customers have a GDPR ready consent management capability at there fingertips.
Time to deployment of new consent services is rapid. A 10minute task to create a new campaign template, service and assign users.
The total cost to the platform for Consentua is $8999 per annum as the number of consents is going to be near 10 million per annum.
Total benefits:
GDPR compliance swiftly enabled
Quick & easy to deploy API
White label SaaS offering. My brand but none of the cost of developing.
Flexibility for future needs already built in.
