Why GDPR is good for the business of consent

05 Mar 2019

Thing is, now with GDPR with us, more and more organisations are realising that the sticking plasters now need a more permanent fix. Aligned with a regulatory need to have consent is a fundamental business need to.

Driven by two factors. Firstly customers are demanding more control over who gets to process their personal data. Secondly, customers are demanding more personalisation and value from brands they trust.

Let us check that Consentua and GDPR are compatible.

GDPR and Consentua

There are 7 principles to GDPR that any consent management platform needs to take into account.

The GDPR sets out seven key principles:

Lawfulness, fairness and transparency.

Consentua clearly sets out in a transparent nature and articulates the service provided for the exchange of personal data

Purpose limitation.

Purposes are central to what Consentua describes and captures the consent of.

Data minimisation.

No personal data is ever processed by Consentua. Thus minimising data processed.

Accuracy.

Consentua records and timestamps what purpose has been consented to and when this consent was granted.

Storage limitation.

Only the consent identifier and purpose details are recorded. No personal data is processed by Consentua

Integrity and confidentiality (security)

Secure access to the Consentua dashboard. Only assigned admins can view their organisation's consent services.

No personal data stored in Consentua, so it is not possible for Consentua to link a known individual to a consent record.

Accountability.

Each consent service is unique to a client.

Each consent receipt is unique to a customer/user.

Looks like a resounding yes. GDPR and Consentua are good together.

Choice and Control

Business is having to deal with what are actually common objectives and requirements when it comes to consent. The first, partly due to GDPR having given the consumer/customer/citizen some teeth, they are now demanding more control over their personal data.

The second is the business/brand wants to differentiate and offer customers that control. This user delegated control breeds or reinforces trust in the brand.

Consumers want to trust brands. So anything that leads to both control, choice and trust will be embraced. This embracing leads to more business.

Consent Hub from Consentua

02 Mar 2019

The consent hubbub

Creating a new dataset

Consent management is creating a new dataset. One that is not actually owned by the business but is instead owned and managed by their customer. From a Consentua perspective, this dataset is the consent receipt, based on a standard from Kantara.

The consent receipt records the permissions you have to use personal data. It contains the consent decision and the purpose for which the consent will be used.

A new requirement is born

The consent receipt is shareable and interoperable. Often, many different parties, both internal and external will want to have access to this consent receipt.

A customer tends to have only one or two points of access into an organisation (e.g. via an app or direct in store). However, the business needs many systems to deliver the smile the customer demands. All these systems use personal data. They will want to use this single golden record of consent.

In the era of RESTful services and API’s the concept of sharing a common resource is easy to facilitate. Thus the ‘consent hub’ is born. It acts as a common place for consent receipts and manages access to it from requesting systems.

Consentua is a Consent Hub

We didn’t consider Consentua a consent hub when we created the first version back in 2016. However, the capability of Consentua as a consent hub has been in place from day one. This is because the business owner of the client consent service can allow any party to query their consent receipts.

Using webhooks and notifications it is possible to create automated triggers and workflows. So when a customer changes their consent, the record is seamlessly updated elsewhere.

Consentua users manage the consent services the business is using, such as consent requests, via an admin dashboard. Full control and flexibility of the consent service are at the client’s control.

You can manage language, jurisdiction and purpose definition under a single consent management view. You can also create different scenarios such as employee consent or customer consent.

Designed for the enterprise but flexible and lightweight enough for any deployment. Consentua has users all around the world. To learn more contact me at [email protected]