What Is Consent Management Platform And Why You Need ItIn an attempt to answer the question of what is consent management platform and (more importantly) why you need one, let’s take a look at the recent GDPR fines.

Not that long ago a company in Poland received a fine for not managing collected consents properly.

The fine imposed by the President of the data protection office is over PLN 201.000 (47.000 EUR) for obstructing the exercise of the right to withdraw consent to the processing of personal data.

“The company – ClickQuickNow Sp. z o.o. did not implement appropriate technical and organizational measures that would enable easy and effective withdrawal of consent to the processing of personal data and the exercise of the right to obtain the erasure of personal data (the “right to be forgotten”)” stated the European Data Protection Board

However, you can not put a price on reputational damage.

Read the blog: Data breach and (re)building customer trust

You can read more about the whole case here. It is now evident that organizations collecting consent need to implement appropriate technical and organizational measures enabling easy and effective withdrawal of consent to the processing of personal data and the exercise of the right to be forgotten.

Furthermore, the company was given only 14 days from the date of delivery of the decision to adjust the opt-out process to the provisions of the GDPR. Fourteen days is very little time to adjust any business process, especially if the design of the systems in place is deficient.

Also, Polish DPA has put a price on the bad design of consent management. The fine alone (not taking into account the reputational damage) is higher than the price of a consent management platform.

This fine could have been avoided if the company implemented consent management in a GDPR compliant way. The quickest and easiest way to do that is to use a commercially available consent and preference management platform like Data Privacy Manager.

With the 47.000 EUR price tag on bad consent management design determined by the Polish DPA, it proves that using consent management platforms is also the least expensive way to get your consents in order.

Get 14-days Free Data Privacy Manager Trial

Consent management design

Consent management design needs to include consent collection, consent management engine, and data processing.

In today’s world of omnichannel marketing, we often collect consents through multiple customer-facing channels, including web sites, mobile apps, user profiles, contact centers, and points of sale.

Consent management design should include all customer-facing channels to ensure that the processing of personal data is always in line with the data subject’s preferences. They are called consent collection points.

The position of consent management platform in your systems

Once consents are collected, they should be stored in a central consent repository. Consent repository should be designed as a secure database and a single source of truth for all data processing based on data subject consent.

The consent management engine identifies data subjects and harmonizes their consent preferences collected through any collection point.

It should also store them in the central consent repository with the right amount of detail to allow the demonstration of GDPR compliant opt-in.

The central consent repository is sometimes called The records of consent.” The records of consent are used by marketing engines to ensure all marketing communication is in line with data subjects’ preferences.

Marketing communication and analytics are the usual suspects and a straightforward example of data processing based on consents. The processing is lawful until data subjects withdraw consent (opt-out).

As clearly demonstrated by the Polish DPA, Organizations must enable easy and effective withdrawal of consent to the processing of personal data.

Withdrawal should be enabled on all channels and accessible through all communication events, much like the unsubscribe function in an online newsletter.

Furthermore, with records of consent being in a central repository, Organizations can design privacy preference centers for data subjects. A central point, accessible to individuals, for managing all consents and communication preferences.

Is there an all-around consent management solution?

Data Privacy Manager is a privacy management platform with advanced consent management functionalities. We take care that any personal data collected and processed on the basis of an individual’s consent is managed in a GDPR compliant way. This includes all previously described functionalities and much more.

Besides consent collection and consequently, data processing, there are 2 additional stages of the personal data lifecycle. Once the data subject withdraws the consent, collected data needs to be retained.

Moreover, once the data retention period expires, collected personal data should be removed, either by deleting the data or by anonymizing it.

If you want to read more about GDPR compliant personal data removal download our E-book:

Download our e-book Solution for GDPR Compliant Personal Data Removal

Data Privacy Manager uses bi-directional communication with consent collection points and data processing platforms.

It harmonizes data and individual’s communication preferences and represents a single source of truth for all consents. It also serves to demonstrate the GDPR compliant consent management process.

Furthermore, it takes care of personal data after consent withdrawal and, eventually, data removal. This is very important because retention and removal policies are often disregarded in the process.

If personal data is not removed in time, it represents a huge risk for Organizations because storing personal data without a purpose is contradictory to the fair information practices principle and is not compliant with the GDPR.

Data Privacy Manager’s consent module is used as a stand-alone tool or as a part of an end-to-end privacy management platform. As a standalone tool, it consists of three groups of functionalities: consent administration, records of consent, and opt-out funnel.

CONSENT ADMINISTRATION EXAMPLE

Additionally, as a part of an end-to-end privacy management platform, it automatically provides a Privacy 360° view of a single individual. It is providing information not only about consent history, active processing and communication preferences but also about other data processing based on another lawful basis.

Additionally, the Data Privacy Manager connects all data processing, including consent-based, with the records of processing activities.

LAWFUL BASIS FOR PROCESSING EXAMPLE

Privacy Portal- a privacy-oriented self-service portal

Polish DPA has clearly demonstrated the importance of having a privacy friendly (and GDPR compliant) consent management. Also, it showed that the absence of a simple and effective consent withdrawal mechanism would not be tolerated.

Researchers say that by 2020, 30% of B2C Companies will have a privacy-oriented self-service portal providing individuals with transparent management of consents and preferences.

A privacy portal provides individuals with a simple and effective mechanism for opt-ins and opt-outs.

Consent management platform then ensures an individual’s preferences are respected, providing a single source of truth for all data processing based on consent, including marketing and analytics.

Data Privacy Manager’s Privacy Portal is an out-of-the-box privacy-oriented self-service portal.

Fueled by Data Privacy Manager’s consent management engine, it gives an overview of personal data processing to the individual, together with a user-friendly consent and preference management interface.

It is secure, mobile-friendly and Organizations using it have an unparalleled level of transparency toward their Customers.

PRIVACY PORTAL EXAMPLE

Finally, the Polish DPA gave a 14-day deadline to comply with the decision. 14 days is a very short period to implement all needed functionalities, especially if it takes custom development and changes to the existing system with a bad design.

It is much faster to implement an out-of-the-box product like Data Privacy Manager.

Especially if working with our experts, who can help accelerate the project dramatically.

data privacy manager demonstration