Complianz Privacy Suite

User Consent Registration

Aert Hulsebos

Aert Hulsebos

Categories

Popular articles

Editing Legal Documents

The legal documents are generated by the Wizard and will show up under ‘Pages’ with a shortcode in the content. This shortcode is used to

Read More

CNIL updated privacy guidelines

While the much-anticipated ePrivacy directive seems to be postponed for some years, local Data Protection Authorities formulate their statements, which provide us with concrete guidelines

Read More
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

User consent registration for GDPR

Registering consent of opt-ins are mandatory under GDPR (most of the time). There’s a difference between registering consent for cookies and tracking scripts and other services, e.g email marketing. We will have a look at both.

Email marketing, opt-ins and user consent registration

Registering consent for e-mailmarketing is not new. Opt-ins are required by many maildelivery solutions, like Mailchimp, for many years. They went unnoticed and unused for many years, but are now implemented more noticeable since the GDPR became active. For many countries, this didn’t change the privacy laws concerning email marketing and alike, it just shifted focus.

Because e-mailmarketing by design needs an email address (personal data), the consent can be linked to the unique ID (email address) by way of adding a checkbox to a form which clearly states the nature of the marketing efforts. Only when checked is the person allowed to be emailed. This explicit consent can be registered by WordPress, Mailchimp or any other service by adding a column with date & time of consent, next to the email address used to give consent. All respected solutions will have this built-in and can be used and integrated with Complianz.

After consenting to a newsletter, all newsletters should contain the possibility to revoke consent by unsubscribing. Or the user can ask the person responsible for registering consent to remove, access or change their consent. This should all be clearly stated in your Privacy Statement. Consenting to cookies is a bit different. The most important difference is described below:

Registering cookie consent and data minimization

The main difference is that when a user consents to all or a category of cookies, the user is identified by unique ID in their local browser storage (a functional cookie). This will not be identifiable as a unique person (linked to personal data) . This means you can’t change/revoke/access someone’s consent, other than the user who gave consent.

The user should have the possibility to change or remove consent on the webpage by saving their new preferences by revoking their former consent status. In Complianz this can be done on the settings banner, or via the Cookie Policy.

Or the user can remove the cookies in the browser all together, which removes any registration and consent status.

Another GDPR guideline is data minimization, which in short means: you should identify the minimum amount of personal data you need to fulfil your purpose. You should hold that much information, but no more. If you are holding more data than is actually necessary for your purpose, this is likely to be unlawful (as most of the lawful bases have a necessity element) as well as a breach of the data minimization principle.

Complianz does not process personal data, because of GDPR guidelines, but it covers user consent registration!

Proof of cookie consent by Complianz. From release 3.1 and up

From release 3.1 onwards we have added proof of consent, which combines user consent registration and data minimization to respect both GDPR and your users.

How it works:

We explained above how user consent registration and data minimization leads to handing full control to the user in the consent management on your website, because you have provided a cookie policy, cookie banner for GDPR and a revoke possibility of their preferences. But how to proof the exact settings when consent was given or revoked?

Proof of Consent by Complianz!

When you make significant changes to your cookie policy, cookie banner or revoke functionality, we will add a time-stamped document under “proof of consent” with the latest changes. If there’s any concern if you’re website was ready for GDPR at a point of time, you can use Complianz’ proof of consent to show the efforts you made being compliant, while respecting data minimization and full control of consent registration by the user.

The document will be generated after one day, when you finish the wizard for the first time and subsequent significant changes.

You will therefore collect different proof of consent documents during your use of Complianz, each with a different time-stamp. In this document a link is provided to explain further details for the user. Have a look for yourself.

How a user can find the time of registration

We have added a manual for users to find exactly their registration time by finding the consent cookie in their browser.

If you have any questions regarding this update, please contact us.

Related articles