Overview of Consent Management
With Consent Management, you can capture and manage consent as required by GDPR, CCPA, or any other data privacy and protection regulations. You can manage the consent of each person with an active or inactive record that is stored in or outside InfoSphere® MDM.
Starting May 25, 2018, the EU General Data Protection Regulation (GDPR) requires that all organizations worldwide must have the consent of each EU citizen whose personal data they want to process. For more information, see http://www.eugdpr.org/eugdpr.org.html.
Similar to GDPR and other privacy regulations, the California Consumer Privacy Act (CCPA) also requires that organizations that process the personal data of any California resident must gather that person's consent. California residents have the right to know what personal data is being collected about them and whether their personal data will be sold or disclosed to a third party. They must also be given the opportunity to refuse the sale of their personal data and access their own personal data. The CCPA comes into effect on January 1, 2020.
Consent is strictly related to a processing purpose, which is the purpose that the personal data of an individual is processed for, such as marketing, analysis, or health. Each processing purpose is associated with one or more processing activities, which define how personal data is processed, such as storing, recording, or disseminating data.
- Customer A wants to receive newsletters regarding new business notebooks on his private email address only.
- Customer B wants to receive a phone call when a new Lenovo IdeaPad or Apple iPad is available but refuses to be contacted via her business phone number.
- Customer C is not interested in any hardware or software right now but agrees to be asked again six months later.
- Customer D wants to receive an email when a new Samsung smartphone is available. However, because customer D is only 15 years old, you need the consent of a parent.
- Customers E and F agree to their addresses being forwarded to specific car dealers.
With Consent Management, you can handle all of these consent requirements. You can consolidate an individual's requirements regarding one processing purpose in one consent item and specify which consent regulations apply, such as the GDPR or CCPA.
- You can list the personal data that is included in, or excluded from consent. For example, for customer A, you would specify that the private email address is included in the consent. For customer B, you would specify that the business phone number is excluded from consent.
- You can add provisions, which detail the items that are covered by a processing purpose. For example, for customer B, you would add a provision for Lenovo IdeaPads and Apple iPads. For customers E, you would add a provision that lists the car dealers that are allowed to receive the address.
To create and manage the consent items, Consent Management provides services. To view the consent items for an individual and to change specific consent settings, you can also use the consent management capabilities of the MDM AE/SE user interface.
By integrating the Consent Management feature with Information Governance Catalog, you can use the business definitions for consent in InfoSphere MDM.
Consent Management data sources
- Physical MDM - Consent items are associated with physical MDM parties managed in InfoSphere MDM. Users can locate physical MDM profiles using an attribute-based search.
- Virtual MDM - Consent items are associated with virtual MDM records (of any member type) from InfoSphere MDM. In the MDM AE/SE user interface, consent items are also displayed for entities that contain the associated record. Users can locate virtual MDM profiles using an attribute-based search or look them up using a record ID.
- External sources - Consent items are associated with external identifiers. Since InfoSphere MDM does not have access to profile information stored in external systems, the consent management areas of the MDM AE/SE user interface can only show the consent items for an external profile.
Depending on your organization's needs and licenses, you can configure the MDM AE/SE user interface to use one, two, or all three of the above data source types.
- virtual MDM
- external systems
- physical MDM
- virtual MDM
- external systems