Consent is the explicit permission given by the Data Subject to have / use their personal data.
Data Subjects are natural persons, e.g. consumers, employees, vendors, consultants.
Data retention shall be based on legal and privacy concerns versus economics and the need-to-know.
The requirements on consent are increased under GDPR. Consent is needed when other grounds cannot be applied (main other grounds: legal obligation, contractual obligation) and the business still has an interest in having / using the data.
When reviewing and updating Consent Management, the following actions, for example, shall be considered:
- Identify current cases / channels of consent, via the Data Collection
- Assess if cases of consent can be reduced
- Review consent statements (today and new proposed)
- Operationalize a new EU (later potentially Global) consent management IT tool
- Update consent policies and procedures
- Consider stopping / changing processing, where applicable
- Gain new consents, where required
- Consider actions in the area of retention
Requirements on IT-systems to perform Consent Management could contain the following:
- Tracking of consent given per Data Subject
- Support handling different selected consents for different websites/shops/apps
- Support (other system performing) mass mailings
- Multi language support
- Version handling
- Expand button, in case consent language is long
- Preference center to manage all consents by data subject, incl. withdrawal
- Reporting on consent
- Combine multiple channels, and work with 1 consent (one consumer can have an oven and a vacuum cleaner)
- Multi branding
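
A minimal sketch of how several of these requirements (tracking per Data Subject, version handling, withdrawal, one consent across channels, multi branding, reporting) can fit into one append-only data model. This is an added example, not taken from any product; the class names, field names, state labels and sample identifiers are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class ConsentEvent:
    subject_id: str   # Data Subject (constructed ids below)
    purpose: str      # what the consent covers, e.g. "newsletter"
    brand: str        # multi branding: consent is scoped per brand
    channel: str      # website / shop / app where the choice was made
    version: str      # version of the consent statement shown
    language: str     # language the statement was shown in
    granted: bool     # False records a withdrawal
    at: datetime

class ConsentLedger:
    """Append-only log: events are added, never edited, so history stays auditable."""
    def __init__(self):
        self._events = []
    def record(self, event):
        self._events.append(event)
    def current(self, subject_id, purpose, brand):
        """Latest decision across all channels (one consent per subject), or None."""
        hits = [e for e in self._events
                if (e.subject_id, e.purpose, e.brand) == (subject_id, purpose, brand)]
        return max(hits, key=lambda e: e.at, default=None)

    def state(self, subject_id, purpose, brand, live_version):
        e = self.current(subject_id, purpose, brand)
        if e is None:
            return "none"
        if not e.granted:
            return "withdrawn"
        # A grant against an older statement version no longer covers processing.
        return "granted" if e.version == live_version else "reconsent_needed"

    def report(self, purpose, brand, live_version):
        """Count Data Subjects per consent state for one purpose and brand."""
        counts = {}
        for s in {e.subject_id for e in self._events}:
            st = self.state(s, purpose, brand, live_version)
            if st != "none":
                counts[st] = counts.get(st, 0) + 1
        return counts

def build_sample():  # constructed sample events, not real data
    led = ConsentLedger()
    for s, ch, v, lang, ok, month in [
            ("ds-1", "web", "v1", "en", True, 1), ("ds-1", "app", "v1", "sv", False, 3),
            ("ds-2", "shop", "v2", "en", True, 2), ("ds-3", "web", "v1", "de", True, 1)]:
        led.record(ConsentEvent(s, "newsletter", "brand-a", ch, v, lang, ok, datetime(2020, month, 1)))
    return led
```

Processing should proceed only when `state(...)` returns `"granted"`; the `"reconsent_needed"` bucket in the report is the population for the "gain new consents" action.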
Wikipedia has (April 2020) a healthcare-focused definition of Consent Management.