Consent Management

PRIVACY VAULT organizes consent management into 3 distinct components:

CONSENT POLICIES:

  • Consent policy is automatically generated during the Purpose Definition / Privacy Impact Assessment process. 

  • This establishes the scope of the consent's purpose and provides an application with all information legally required for “informed consent” using a single API call.  

  • Consent policies are transparent enforced: where consent is required, data cannot be processed until the consent is granted. 
     

CONSENT REQUESTS:

 

Consent require engagement between Data Controller and Data Subject, including authentication and authorization. PRIVACY VAULT supports engagement via integrated access management  services, or via federation with virtually any 3rd party identity & access management system.

 

PRIVACY VAULT provides a multi-channel solution that supports a wide range consent use cases:

  • Bulk pre-loading of existing data subjects into one or more consent processes
     

  • On-boarding of new data subjects with integrated consent 
     

  • Web-based authentication and redirection to consent requests
     

  • e-Mail and SMS-based consent request invitations
     

  • Out of band consent requests via mobile push notifications
     

  • Customizable templates are provided that meet all GDPR “informed and affirmative consent” requirements.  

CONSENT AGREEMENTS:

 
In PRIVACY VAULT, a consent agreement is more than a "receipt" that consent was granted.  It is a digitally-signed instrument that provides both data subject and data controller with lawful evidence of consent.

Each consent agreement is used to operationally verify, in real-time, the validity of consent whenever data is processed for an authorized purpose.

 

This enables business processes to easily check for the existence and validity of the digitally-signed consent agreement, after which processing can proceed for the intended Purpose. Otherwise, personal data processing is denied.