Consent Management

Why Consent Management Matters

Consent is key to basic privacy and respect for users' data, and is therefore at the heart of modern privacy compliance. Under a growing number of privacy regulations worldwide, such as the GDPR, explicit consent from a user is needed to process their personal data.

GDPR follows an opt-in approach to user consent, meaning that a business only satisfies consent requirements when the user opts into the processing. The GDPR framework requires that users receive clear explanations of businesses' intended data processing.

This means enabling your users to opt in to:

  • specific cookie categories (preferences, statistics and marketing),
  • marketing activities,
  • terms and conditions,
  • etc.

And, not to forget, enabling them to withdraw their consent again if they choose to do so at a later time.

Consent might look like a simple yes/no question, but there are important nuances. For instance, if you process personal data for marketing and customer service, you might need distinct consent questions for each of those use cases. You also must inform users of what these use cases actually mean for their data using clear and plain language. Further, you need to implement users' consent choices so that your data flows actually reflect and respect users' preferences.

User consent is just one piece of the data processing puzzle. But it is a big piece.

For consent to be valid the following conditions must be met:

  • it must be freely given;
  • it must be informed;
  • it must be given for a specific purpose;
  • all the reasons for the processing must be clearly stated;
  • it is explicit and given via a positive act;
  • it uses clear and plain language and is clearly visible;
  • it is possible to withdraw consent and that fact is explained.

 

GDPR & Consent

The GDPR definition of personal data is very wide, and includes “any information relating to an identified or identifiable natural person”, including information that can be combined to single out or build a rich profile of a particular data subject.

This means that your users must be informed about all tracking and must consent to the use of their personal data before any data can be processed.

 

What is valid GDPR consent?

Consent management is a key issue in the GDPR.

The GDPR definition of proper or valid consent is very clear and places clear responsibilities on the shoulders of website and application owners.

Article 7 of the GDPR sets out the conditions for consent and lists the following:

  1. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.

  2. If the data subject's consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.

    Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.

  3. The data subject shall have the right to withdraw his or her consent at any time.

    The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

    Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

  4. When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

Real GDPR consent is thus informed, given prior to any processing of user data, withdrawable, and not a condition of providing a service.

 

Consent Management as an Opportunity to Build Brand Trust

Data privacy is about more than just avoiding legal fines for non-compliance. However, the latest trends in privacy law enforcement point to how seriously regulators take proper consent management. GDPR authorities categorize regulatory violations into two categories: less severe and more severe. Consent violations fall into the more severe category, and they come with a steeper fine. A business found in violation of conditions for consent could face a fine of up to €20 million or 4% of global annual revenue, whichever is the larger amount.

Those figures for consent violations can be daunting. Their magnitude shows that consent is central to compliant privacy ops. But there's a positive flip side to this topic of consent violations: consent compliance is a key opportunity to show users that you respect their data. Consider consent management a chance to build trust with your users, an increasingly precious asset across industries.

Understanding user consent throughout your company's data flows is essential to any privacy compliance operation. When done successfully, users have a seamless experience in exercising their consent rights, and you can rest assured that your data systems indeed follow users' specific preferences.

A Seamless User Experience

Any modern privacy solution depends on clear communication. To distill complex legal and technical requirements into plain terms, teams must prioritize clarity in designing the consent process for users. While simplicity and clarity might seem at odds with the importance of being specific in listing all of your intended use cases for users' data, you can strike the needed balance.

As a part of your consumer applications, asking for consent should be user friendly and reflect your company's brand. Just like any other aspect of the customer success process, consent management is an opportunity to build users' trust.

Championing User Consent

Quasr empowers users and companies alike to make user consent accessible. Nowadays businesses expect consent management to be part of their authentication flow. And they are right!

With a focus on simplicity for end-users, Quasr allows your company to easily build embedded consent management that combines understandable consent requests with transparent explanations.

A longtime user wants to change their existing consent preferences? That's no problem. Quasr allows you to create your own branded user portal where your customers can adjust their preferences.

About Quasr

Quasr is a SaaS (Software-as-a-Service) company in the cybersecurity space, in particular in Customer Identity & Access Management (CIAM).

Quasr allows developers to add authentication and privacy capabilities to their applications without having to be security experts, while offering the best user experience (UX) to their end customers.

Contact Quasr

Quasr B.V.
New Yorkkaai 93, Bus 502
2000 Antwerpen, Belgium