Consent Management

PRIVACY VAULT organizes consent management into 3 distinct components:

CONSENT POLICIES:

  • Consent policy is automatically generated during the Purpose Definition / Privacy Impact Assessment process. 

  • This establishes the scope of the consent's purpose and provides an application with all information legally required for “informed consent” using a single API call.  

  • Consent policies are transparent enforced: where consent is required, data cannot be processed until the consent is granted. 
     

CONSENT REQUESTS:

 

Consent requires engagement between Data Controller and Data Subject, including authentication and authorization.

PRIVACY VAULT supports secure digital engagement via integrated access management  services; or via federation with virtually any 3rd party identity & access management system.

 

PRIVACY VAULT provides a multi-channel solution that supports a wide range consent use cases:

  • Bulk pre-loading of existing data subjects into one or more consent processes
     

  • On-boarding of new data subjects with integrated consent 
     

  • Web-based authentication and redirection to consent requests
     

  • e-Mail and SMS-based consent request invitations
     

  • Out of band consent requests via mobile push notifications
     

  • Customizable templates are provided that meet all GDPR “informed and affirmative consent” requirements.  

CONSENT AGREEMENTS:

 
In PRIVACY VAULT, a consent agreement is more than a "receipt" that consent was granted.  It is a digitally-signed instrument that provides both data subject and data controller with lawful evidence of consent.

Each consent agreement is used to operationally verify, in real-time, the validity of consent whenever data is processed for an authorized purpose.

 

This enables business processes to easily check for the existence and validity of the digitally-signed consent agreement, after which processing can proceed for the intended Purpose. Otherwise, personal data processing is denied.