Consent Management Platform (CMP) is a software that helps you collect and handle personal information in a GDPR compliant way. It helps you gain insight into the personal data lifecycle from the moment of opt-in to the data removal enabling you to track, monitor, and respond to the data subject’s request and consents preferences.
The CMP should also allow you to centrally manage notices and propagate them to all consent collection channels. Although there are a number of Consent Management Platforms on the market, there are a lot of different concepts and designs. Make sure you opt for the one that will be a proper fit.
Especially regarding the integration with your front-end consent collection channels (like website, mobile apps, CRM systems, or marketing platforms) but that will also provide a clear view of activities so you can demonstrate compliance for any data subject on any level at any time.
Consent management design
Consent management design needs to include consent collection, consent management engine, and data processing.
In today’s world of omnichannel marketing, we often collect consents through multiple customer-facing channels, including web sites, mobile apps, user profiles, contact centers, and points of sale.
Consent management design should include all customer-facing channels to ensure that the processing of personal data is always in line with the data subject’s preferences. They are called consent collection points.
Once consents are collected, they should be stored in a central consent repository. Consent repository should be designed as a secure database and a single source of truth for all data processing based on data subject consent.
The consent management engine identifies data subjects and harmonizes their consent preferences collected through any collection point.
The central consent repository is sometimes called “The records of consent.” The records of consent are used by marketing engines to ensure all marketing communication is in line with data subjects’ preferences.
Marketing communication and analytics are the usual suspects and a straightforward example of data processing based on consents. The processing is lawful until data subjects withdraw consent (opt-out).
Organizations must enable easy and effective withdrawal of consent to the processing of personal data.
Withdrawal should be enabled on all channels and accessible through all communication events, much like the unsubscribe function in an online newsletter.
Furthermore, with records of consent being in a central repository, Organizations can design privacy preference centers for data subjects. A central point, accessible to individuals, for managing all consents and communication preferences.
Is there an all-around consent management solution?
Privacy management platform should have advanced consent management functionalities, like Data Privacy Manager. Any personal data collected and processed on the basis of an individual’s consent is managed in a GDPR compliant way. This includes all previously described functionalities and much more.
Besides consent collection and consequently, data processing, there are 2 additional stages of the personal data lifecycle. Once the data subject withdraws the consent, collected data needs to be retained.
Moreover, once the data retention period expires, collected personal data should be removed, either by deleting the data or by anonymizing it.
Data Privacy Manager uses bi-directional communication with consent collection points and data processing platforms.
It harmonizes data and individual’s communication preferences and represents a single source of truth for all consents. It also serves to demonstrate the GDPR compliant consent management process.
Furthermore, it takes care of personal data after consent withdrawal and, eventually, data removal. This is very important because retention and removal policies are often disregarded in the process.
If personal data is not removed in time, it represents a huge risk for Organizations because storing personal data without a purpose is contradictory to the fair information practices principle and is not compliant with the GDPR.
Data Privacy Manager’s consent module is used as a stand-alone tool or as a part of an end-to-end privacy management platform. As a standalone tool, it consists of three groups of functionalities: consent administration, records of consent, and opt-out funnel.
Additionally, as a part of an end-to-end privacy management platform, it automatically provides a Privacy 360° view of a single individual. It is providing information not only about consent history, active processing and communication preferences but also about other data processing based on another lawful basis.
Additionally, the Data Privacy Manager connects all data processing, including consent-based, with the records of processing activities.
Privacy Portal- a privacy-oriented self-service portal
Having privacy-friendly (and GDPR compliant) consent management should be one of your top priorities when introducing privacy programs. The judicial practice has shown that the absence of a simple and effective consent withdrawal mechanism would not be tolerated.
Researchers say that by the end of 2020, 30% of B2C Companies will have a privacy-oriented self-service portal providing individuals with transparent management of consents and preferences.
A privacy portal provides individuals with a simple and effective mechanism for opt-ins and opt-outs.
The consent management platform then ensures an individual’s preferences are respected, providing a single source of truth for all data processing based on consent, including marketing and analytics.
Data Privacy Manager’s Privacy Portal is an out-of-the-box privacy-oriented self-service portal.
Fueled by Data Privacy Manager’s consent management engine, it gives an overview of personal data processing to the individual, together with a user-friendly consent and preference management interface.
It is secure, mobile-friendly and Organizations using it have an unparalleled level of transparency toward their Customers.
Finally, think about the complexity of implementing such a solution. If you are in violation of GDPR, the DPA can give you a very short deadline to comply and implement all needed functionalities, especially if it takes custom development and changes to the existing system with a bad design.
It is much faster to implement an out-of-the-box product like Data Privacy Manager.
Especially if working with our experts, who can help accelerate the project dramatically.