There are many different ways an organisation can handle Consent Management. But digital front runners are the ones shifting from a technical infrastructure role mindset to a customer centric approach.
With GDPR requirements coming up, the pressure on CDO’s and DPO’s is building up.
While the whole world is talking about Digital Transformation and all the consequences related to data privacy and data protection, some are pushing forward to develop and release tangible solutions.
This Consent Manager- based on the GDPR ICO Consent Guidance requirements – is such a solution.
With the responsibilities and needs of a DPO in mind, we developed a flexible tool that incorporates the three most relevant perspectives: the rights of data subjects; organisational control and processing and legislative compliance. Read the story behind it.
How does this work?
The GDPR provides a much-needed, updated definition of consent, defining it as:
“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
What happens when the data subject wants to change his or her consent settings?
The legislation states clearly that just as easy someone gives their consent should be able to also withdraw it at any time. With the Consent Manager this can be done easily. All what the data subject needs to do is click on the Consent Settings bar and in the same manner as he/she gave consent, change it or withdraw it.
Who will benefit?
Individuals have real choice and control over how their data is used.
GDPR compliancy. Build customer trust and engagement, and enhanced reputation.
Instant, governed data-driven logistics for trusted relationships with their customers and increased ROI.
How does this fit in the whole picture?
• Unbundled: consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.
• Active opt-in: pre-ticked opt-in boxes are invalid – use unticked opt-in boxes or similar active opt-in methods (eg a binary choice given equal prominence).
• Granular: give granular options to consent separately to different types of processing wherever appropriate.
• Named: name your organisation and any third parties who will be relying on consent – even precisely defined categories of third-party organisations will not be acceptable under the GDPR.
• Documented: keep records to demonstrate what the individual has consented to, including what they were told, and when and how they consented.
• Easy to withdraw: tell people they have the right to withdraw their consent at any time, and how to do this. It must be as easy to withdraw as it was to give consent. This means you will need to have simple and effective withdrawal mechanisms in place.
• No imbalance in the relationship: consent will not be freely given if there is imbalance in the relationship between the individual and the controller – this will make consent particularly difficult for public authorities and for employers, who should look for an alternative lawful basis.