The Basics

DataGuard Consent & Preference Management provides a cloud-scale, GDPR-compliant single source of truth for processing citizen personal data. The data model handles permissions and marketing preferences to help understand customer needs, boost engagement and enrich their experience.

The platform is built using a granular (RESTful) API-first approach with bulk file upload/download capability, and real time messaging via webhooks to allow a wide range of integrations with third party client systems.

Our JavaScript and iframe-based embeddable widgets promote transparency and empower your customers to manage their own options. We also provide a call centre style UI to simplify the collection of compliant permissions by your organisational users.

Complex data landscapes can be accounted for using a Single Customer View (SCV) integration with our linked citizens API to provide an accurate, centralised record for any individual.

Permissions

🚧

Lawful basis is required

Processing personal data is generally prohibited, unless it is expressly allowed by law, or the data subject has consented to the processing. While being one of the more well-known legal bases for processing personal data, consent is only one of six bases mentioned in the General Data Protection Regulation (GDPR). The others are: contract, legal obligations, vital interests of the data subject, public interest and legitimate interest as stated in Article 6(1) GDPR.

Our permissions data model handles all six lawful bases defined in the GDPR, and is built around the ‘5W’ framework:
(1) What data has been collected
(2) Who is using/has access to the data
(3) Why the data is being collected for each purpose
(4) When the permission was updated
(5) Where the permission was captured

During the set up of DataGuard Consent & Preference Management your organisation’s Data Protection Officer (DPO) should assist in determining how the permitted lawful bases apply to each Who-What-Why combination (i.e. the first three of the 5W’s), and is commonly referred to at Dataguard as a permission option. If a validity period is applicable to the permission option, this should also be set by the DPO.

The full set of permission options is known as your Permissions Configuration. This forms the cornerstone of your ability to accurately relay to a citizen what data you hold, what you use it for and who it is shared with. The configuration is used in each transaction as a mechanism to create a clear audit trail.

The When & Where for each permission is recorded automatically if using our widgets and UIs, or can be specified in the appropriate fields for transactions being logged directly via the API.

Preferences

Preferences are intended to provide a simple but effective way to enrich the insight you hold on your customers. Examples can include channel preference, frequency of communication and topics of interest.

Preferences allow you to enhance the information you gather alongside consent, giving customers the ability to share their areas of interest. There is no legal obligation to act on this preference information but it will allow you personalise your customer interactions to improve engagement.

The Preferences Configuration UI has been designed to simplify the creation and editing of Preferences within DataGuard Consent & Preference Management, as well as providing a user-friendly view.