Consent Management Gives Consumers Control of Their Data
The process of obtaining and responding to customer requests on the use of their personal and sensitive data is consent management. Most privacy regulations provide rights for consumers and customers to control the use of their data via the consent the customer grants a company or organization. Companies must gain consent from customers (either explicit or implicit) and respond to customer requests to remove or change their consents.
Organizations should provide clear and obvious tools or methods for customers to change consent. This could be a privacy or consent button on forms, settings in applications, or consent control options in customer communications and offers.
What are some examples of what a company needs to control for effective consent management?
- How personal data is being used.
- If personal data will be shared with partners.
- If personal data and preferences will be used to provide additional offers to customers.
- If personal data will be shared for research or analytical purposes.
How do organizations obtain consent choices?
- Written contract.
- Check boxes in web forms.
- Setting in an application.
- Response to an email.
- Verbal responses to oral questions.
What are the key requirements for effective consent management?
- Automated web notices to obtain consent.
- Database to store customer consent choices.
- Workflows for customer communication applications and ad partners to add/or withdraw consent.
- Reports and audit capabilities to review overall consent statistics and an individual’s consent preferences and history.
Here are additional resources to learn more about consent management:
- IAPP Glossary of Privacy Terms, Consent
- UK Information Commissioner’s Office, How to obtain, record and manage consent?
- CMSWire, What is a consent management system
You just learned about Consent Management, now explore related terms like Consent, Data Subject Rights, Data Subject and Consumer Rights, Data Subject Access Requests, Right to be Forgotten, Data Subject Access Request, Personal Data and Privacy Automation.