The Basics

DataGuard Consent & Preference Management provides a cloud-scale, GDPR-compliant single source of truth for processing citizen personal data. The data model handles permissions and marketing preferences to help understand customer needs, boost engagement and enrich their experience.

The platform is built using a granular (RESTful) API-first approach with bulk file upload/download capability, and real time messaging via webhooks to allow a wide range of integrations with third party client systems.

Our JavaScript and iframe-based embeddable widgets promote transparency and empower your customers to manage their own options. We also provide a call centre style UI to simplify the collection of compliant permissions by your organisational users.

Complex data landscapes can be accounted for using a Single Customer View (SCV) integration with our linked citizens API to provide an accurate, centralised record for any individual.

Purposes

🚧

Lawful basis is required

Processing personal data is generally prohibited, unless it is expressly allowed by law, or the data subject has consented to the processing. While being one of the more well-known legal bases for processing personal data, consent is only one of six bases mentioned in the General Data Protection Regulation (GDPR). The others are: contract, legal obligations, vital interests of the data subject, public interest and legitimate interest as stated in Article 6(1) GDPR.

Our consent data model handles all six lawful bases defined in the GDPR, and is built around the ‘5W’ framework:
(1) What data is being collected
(2) Who is using/has access to the data
(3) Why the data is being collected for each purpose
(4) When the permission was updated
(5) Where the permission was captured

Before setting up DataGuard's Consent & Preference Management, you first need to identify your specific use-case. This involves determining the different reasons, or 'purposes', for which you'll be collecting user consents and preferences.

When you start the setup process, the first step is to create these 'purposes'. As part of this, you'll specify the various channels—such as emails, SMS, or apps—you plan to use to connect with your users. These channels will be tied to the specific purposes for which you're gathering consents and preferences

When you're setting up DataGuard Consent & Preference Management, your organization's Data Protection Officer (DPO) should be involved. They'll help figure out how the allowed 'lawful bases' relate to each 'Who-What-Why' combination. At DataGuard, we usually call this a purpose that includes the 3W. If there's a time limit for how long the consent for a purpose is valid, the DPO or someone else who knows the rules well can set this.

A purpose is configured by adding the Party (name of the organization collecting the data), Channels, the lawful basis for which you collecting the consent and finally the expiry period (if applicable) for that consent. This forms the cornerstone of your ability to accurately relay to a citizen what data you hold, what you use it for and who it is shared with. The configuration is used in each transaction as a mechanism to create a clear audit trail.

The When & Where for each consent is recorded automatically if using our widgets and UIs, or can be specified in the appropriate fields for transactions being logged directly via the API.

Preferences

Preferences are your secret weapon to truly understand your customers. They can reveal a customer's favourite communication channels, how often they want to hear from you, and what topics they're interested in.

By gathering preferences alongside consent, you give customers the chance to tell you what they care about. While there's no legal requirement to use this information, it's a golden opportunity to customize your customer interactions and boost engagement.

The Preference Configuration User Interface in DataGuard's Consent & Preference Management platform makes it easy for you to create and edit these preferences. Plus, its user-friendly design gives you a clear view of all the information.