GuidesAPI ReferenceSign-UpRecipes
Guides
Start typing to search…

Consent Purposes

Consent Purposes in DataGuard CPM are the foundational configuration that define how your organisation collects and manages legally compliant and auditable permissions from your users. Each Consent Purpose is carefully structured to ensure that all aspects of data collection and usage align with GDPR (or similar) requirements.

Components of a Consent Purpose

A Consent Purpose is composed of three key elements:

  1. Party: This is the entity or organisation that is collecting the consent. The Party component ensures that users are aware of who is requesting their data, which is a fundamental requirement under GDPR.

  2. Purpose: This defines the specific business objective for which consent is being requested. For example, if you want to send marketing to users via email, the Purpose would be “Marketing.” This element clearly communicates to the user why their data is being collected.

  3. Channel: The Channel refers to the means through which you will communicate with the user for the specified purpose. Continuing with the marketing example, if you intend to use email as the medium, then “Email” would be the Channel. This ensures transparency in how the user’s data will be used.

Lawful Basis

Each Consent Purpose must have an associated Lawful Basis for processing data. While multiple lawful bases can be assigned, typically only one is used. The Lawful Basis defines the legal grounds for data processing under GDPR. The available lawful bases are:

  • Consent: The individual has explicitly agreed to the processing of their personal data for a specified purpose.

  • Legitimate Interest: The processing is necessary for the legitimate interests of your organisation or a third party, provided these interests are not overridden by the individual’s rights and freedoms.

  • Contract: The processing is necessary to fulfil a contract with the individual, or to take steps at their request before entering into a contract.

  • Public Interest: The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

  • Vital Interest: The processing is necessary to protect someone’s life.

  • Legal Obligation: The processing is necessary to comply with the law (excluding contractual obligations).

Expiry Period

A Consent Purpose can have an optional Expiry Period, which defines how long the consent remains valid before it needs to be refreshed or expires. This feature allows you to manage the lifecycle of consent and ensure compliance with regulations regarding consent renewal.

Creation and Management

Consent Purposes can be created and managed directly within the DataGuard CPM UI. This allows you to easily configure and update purposes as your business needs evolve. Consent Purposes are also integral to building Templates and are passed to the platform during a Transaction.

Frequently Asked Questions

Can I change the expiry of my Consent Purposes after setting it once?

Yes, the expiry period of a Consent Purpose can be updated at any time through the UI. DataGuard's comprehensive audit trail will track any changes made to ensure transparency and compliance.

Why do I need to create different elements like Party, Purpose, and Channel for creating a Consent Purpose?

These elements—Party, Purpose, and Channel—are required to comply with GDPR. They provide clarity on who is collecting the data, why the data is being collected, and how it will be used. This structured approach ensures that consent is gathered in a transparent and compliant manner.

Updated about 2 months ago

What’s Next

Create your first content template to collect consents and preferences