Permissions

Permissions in DataGuard CPM represent the current state of a Citizen's consent for specific Consent Purposes. They play a crucial role in determining how you can legally process a Citizen's data at any given time, based on their most recent consent decisions.

What Are Permissions?

Permissions define what a Citizen has agreed to or declined regarding the processing of their personal data. Each Permission is tied to a specific Consent Purpose and reflects the present consent status. It’s important to note that Permissions focus solely on Consent Purposes and do not include Preferences, which are managed separately within the platform.

How Permissions Are Managed

Updating Permissions

  • Transactions: Permissions are updated by making Transactions within the platform. When a Citizen consents to or withdraws consent from a specific Purpose, a Transaction is recorded, which updates the corresponding Permissions.
  • Metadata: Permissions contain most of the metadata provided with the Transaction, such as timestamps, lawful basis, and channels used. This metadata can be used for tracking the history and context of each Permission.

Permission States

Permissions can exist in several states, depending on the lawful basis of the Consent Purpose:

  • Consent-Based States:

    • Granted: The Citizen has given consent for the specified Purpose.
    • Denied: The Citizen has explicitly declined consent.
    • Pending: Used when a double opt-in process is in place, indicating that the Citizen's consent is awaiting confirmation.
  • Other Lawful Basis States:

    • Claimed: The organisation asserts a lawful basis for processing, such as Legitimate Interest.
    • Objected: The Citizen has objected to the processing under a lawful basis like Legitimate Interest.
    • Objection-Upheld: The organisation has acknowledged the Citizen's objection, and the processing has been halted. (See the Objection Management page for more details.)

Expiry of Permissions

Permissions can have a ValidUntil date, which specifies when the Permission expires. If the ValidUntil date is in the past, the Permission is considered expired and is no longer valid. Expired Permissions should be treated as being in a "no justification" state, meaning that marketing or data processing under that Purpose is no longer consented to.

Calculating the Active Permission

To determine the active Permission for each Consent Purpose for a Citizen, a calculation is run that considers various factors to ensure the most accurate and legally compliant state is reflected:

  • Obtained At Date: The primary factor is the "obtained at" date, which records when the Citizen's consent or decision was obtained. The most recent "obtained at" date determines the current state.
  • Tie-Breaking Criteria: If two Permissions have the same "obtained at" date, the following fields are used to break the tie:
    • Valid From: The latest valid from date is given priority.
    • Valid Until: The latest valid until date is considered next.
    • State: If the dates are identical, the state is considered, with precedence given alphabetically.
    • Lawful Basis: Finally, the lawful basis is used as the last tie-breaker.

This multi-step calculation ensures consistency in determining the active Permission for each Citizen.
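
The calculation and expiry rule described above, as an added Python example (not DataGuard code and not the CPM API schema). The record fields, reading "alphabetically" as "the alphabetically first value wins", treating a missing ValidUntil as never expiring, and checking expiry only on the winning record are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

NEVER = datetime.max.replace(tzinfo=timezone.utc)  # assumption: no ValidUntil = never expires

@dataclass(frozen=True)
class Permission:  # hypothetical record shape, not the CPM schema
    purpose: str
    state: str
    lawful_basis: str
    obtained_at: datetime
    valid_from: datetime
    valid_until: Optional[datetime] = None

def pick_active(group):
    """Apply the page's ordering: obtained at, valid from, valid until, state, lawful basis."""
    # Assumption: the alphabetically first state / lawful basis wins a full date tie.
    ordered = sorted(group, key=lambda p: (p.state, p.lawful_basis))
    # Stable sort: latest dates first; the string order above survives among equal dates.
    ordered.sort(key=lambda p: (p.obtained_at, p.valid_from, p.valid_until or NEVER), reverse=True)
    return ordered[0]

def effective_states(permissions, now):
    """Return {purpose: state}, reporting an expired winner as 'no justification'."""
    groups = {}
    for p in permissions:
        groups.setdefault(p.purpose, []).append(p)
    result = {}
    for purpose, group in groups.items():
        winner = pick_active(group)
        # Assumption: expiry is checked on the winner only, so an older
        # unexpired grant is never revived once a newer record has lapsed.
        expired = winner.valid_until is not None and winner.valid_until < now
        result[purpose] = "no justification" if expired else winner.state
    return result

def d(y, m, day):
    return datetime(y, m, day, tzinfo=timezone.utc)

SAMPLE = [  # constructed records
    Permission("newsletter", "Granted", "Consent", d(2024, 1, 10), d(2024, 1, 10)),
    Permission("newsletter", "Denied", "Consent", d(2024, 3, 1), d(2024, 3, 1)),
    Permission("sms", "Granted", "Consent", d(2024, 2, 1), d(2024, 2, 1)),
    Permission("sms", "Denied", "Consent", d(2024, 2, 1), d(2024, 2, 1)),
    Permission("postal", "Granted", "Consent", d(2022, 5, 1), d(2022, 5, 1)),
    Permission("postal", "Granted", "Consent", d(2023, 1, 1), d(2023, 1, 1), d(2024, 1, 1)),
]

if __name__ == "__main__":
    print(effective_states(SAMPLE, now=d(2024, 6, 1)))
```

Downstream systems that cache Permissions received by export or webhook need the same expiry check at the time of use, because a stored Granted state can lapse without a new Transaction.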

Accessing Permissions

The current state of Permissions can be accessed in several ways:

  • Permissions and Preferences Store: The Permissions and Preferences store endpoint provides direct access to the current Permissions for a Citizen.
  • Data Export: Permissions can be exported for analysis or record-keeping using the export file feature.
  • Webhooks: Permissions are also sent via webhook to marketplace integrations and custom integrations, ensuring that all connected systems have the most up-to-date consent information.

Permissions are a vital component of the DataGuard CPM platform, providing a clear, audited record of each Citizen's consent decisions. By understanding and correctly managing Permissions, you ensure that your organisation remains compliant with data protection regulations while respecting the choices of your users.