Consents
Contents
Introduction to Consents
Consents management provide the mean to acquire, update and use consents information. For example, it is possible to use Privacy Now® as a central repository of information about all the consents. Information about consents can be created and updated manually or interfacing Privacy Now® with external system. See the paragraph Configuration of consents sources for more information.
Workflow
A new consent can be created using the Add New functionality and choosing "New Consent". Alternatively, a new consent can be automatically acquired or updated by an external system.
A workflow enables to move consents in several statuses as shown in the following picture.
The following table explains the meaning of each status:
| Status | Description |
|---|---|
| Default | A temporary status when the consent is initially created before the first save. |
| Valid | A consent in this status is valid and its information can be used accordingly. |
| Wrong email | This status is set (manually or automatically by an external system) when ……………TBC.. |
| Expired | In this status a consent is expired and therefore should be removed. |
| To be Removed | In this status, the consent shall be removed (the status is used to identify consents by the automatic removal procedure). |
Information
Consent records are organized in three sections:
- Identification, where identification data of the consent are recorded,
- Ownership & Organization, containing the assignment of the key roles enabled to manage the consent;
- Consent Details, with the details of the consent;
Is possible to select only one consent type and one consent subject for each consent record. When the consent type is selected/updated the following fields could be automatically updated too (check details in table below).
| Field | Description |
|---|---|
| Consent Expires | At record insert/update: the value of this field will be set to "Yes" if selected consent type Duration (days) is > 0, otherwise "No". |
| Consent Last Update | At record insert/update: The value of this field will be set to current date and time. |
| First Consent Warning | This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in First Warning (days). |
| Second Consent Warning | This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Second Warning (days). |
| Final Consent Warning | This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Third Warning (days). |
| Retention Deadline | This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Retention Period (days). |
Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.
Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See How To for more information.
Privileges
consent can be automatically created by authorized external systems or by the users to whom the corresponding privilege is granted (see Users & Groups for more information on how to set this privilege).
The lifecycle of the consent is managed by the roles described in the table below. groups are pre assigned to the roles according to the settings (see Settings for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled groups (see once again Settings for more information on how to enable groups).
| Role | Description |
|---|---|
| DPO Group | Members of the group assigned to this role have full privileges. They can:
|
| Data Controller Group | Members of the group assigned to this role have view (read) privileges. |
| Data Processor Group | Members of the group assigned to this role have several privileges. They can:
|
| Auditors Team | Members of the group assigned to this role have view (read) privileges. |
However, some steps may be performed automatically (see the paragraph dedicated to warning and alerts).
Warning and alerts
Each consent will be set as an expiring consent or not depending from the property Duration (days) of selected consent type:
- Duration (days) = 0: in this case the current consent will never expire and no warning will be raised.
- Duration (days) > 0: in this case the consent consent will expire and will be possible to configure four levels of warning.
| Field | Description |
|---|---|
| Code | |
| Consent Type | |
| Description | |
| Duration (days) | |
| First Warning (days) | |
| Second Warning (days) | |
| Third Warning (days) | |
| Retention Period (days) | |
| Web Site URL | |
| Send Warning to Data Subject |
Reports
The list of consents can be filtered and exported to excel format from the view Consents.
Consents Import
Privacy-Now® allows to acquire consents from external source (using structured email or xlsx file).
Consent Mail Structure and Procedure
Privacy-Now® can be connected to a mailbox to acquire consents (see the paragraph dedicated to Consents Source Details).
A consent email shall contain the following parameters (one for each row): some of them are mandatory, while some other optional (check the detailed description of each one). The email format shall be plain text (HTML email will not be processed correctly) and shall not contain any signature.
Each mail shall contain one or more consent. Each consent is manageable only if 3 parameters are present and valorized: Consent_[consent name] , Value_[consent name] and Date_Time_[consent name].
Each consent present in mail will create a new ticket or update an existing ticket in Privacy-Now®. The existence of a consent is matched on Consent_[consent name], Source and the option selected in Data Subject Matching criteria.
| Field | Description |
|---|---|
| Source | The value of this parameter is mandatory and shall be filled with the consent source (ie: could be the company name or business unit name or web site name). The value of this parameter shall match with the value(s) inserted in Settings/Data Sets/Consents/Consent Sources. |
| Name | The value of this parameter is mandatory. The first name of data subject. |
| Surname | The family name of data subject. |
| The email of data subject. | |
| City | The town of data subject. |
| Province_State | The province or state of data subject. |
| Country | The country of data subject. |
| Phone | The phone number of data subject. |
| User_id | The univocal id (integer) of the user corresponding to data subject in consent source (ie: id of user in web site). |
| Username | The univocal login of the user corresponding to data subject in consent source (ie: login of user in web site). |
| IP_address | The ip address used by data subject during web site browsing. |
| Lang | The main language of data subject. Possible values: "en-GB", "it-IT" and "fr-FR". |
| Consent_[consent name] | [consent name] shall be replaced by the name of consent (ie: consent_newseletter). At least one Consent_[consent name] shall exist in the email. The value of this parameter shall be a univocal code corresponding to one of the Code inserted in Settings/Data Sets/Consents/Consent Types. |
| Value_[consent name] | [consent name] shall be replaced by the name of consent (ie: consent_newseletter). For each of the Consent_[consent name] defined in the email shall be present a corresponding Value_[consent name] (ie: Value_Newsletter). The value of this parameter shall be "1" (consent given) or "0" (consent denied). |
| Date_Time_[consent name] | [consent name] shall be replaced by the name of consent (ie: consent_newseletter). For each of the Consent_[consent name] defined in the email shall be present a corresponding Date_Time_[consent name] (ie: Date_Time_Newsletter). The value of this parameter shall be the date and time of consent management in web site. It shall be in format dd-mm-yyyy hh:mm:ss . |
Example of a well structured email:
Source:myCompanyName Name:Jhon Surname:Smith Email:jhon.smith@mymail.com City:myTown Province_State:myProvince Country:myCountry Phone:002235468 User_id:12345 Username:jsmith IP_address:192.168.1.27 Lang:en-GB Consent_A:1 Value_A:0 Date_Time_A:12-10-2018 10:14:50 Consent_B:2 Value_B:0 Date_Time_B:12-10-2018 10:14:50 Consent_Newsletter:3 Value_Newsletter:1 Date_Time_Newsletter:12-10-2018 10:14:50
Bulk import of consent records
TBC
Removal of consents
Removal of single consent records
Bulk removal of consent records
TBC
