Alignment to GDPR
Two stand-out capabilities
The GDPR brings a significant shift in data responsibilities. All organisations – public and private, big and small – must ensure they hold personal data both securely and strictly in accordance with the consent granted by the individual concerned or another lawful basis that has been documented and communicated to them. The organisation’s brand will live or die by being able to achieve this.
That’s why, at its heart, Consentric has two stand-out capabilities that align to the GDPR.
Consentric’s first capability is the ability to apply our unique 5W framework – a system that records 5 key pieces of data – to every single subject.
What personal data has actually been collected?
Who is using or has access to that data?
Why the data has been collected – its purpose?
When the data was collected?
And, Where the data was captured and stored?
The 6Ls
Consentric’s second key capability is the means to handle ALL the 6Ls – the 6 lawful bases for processing personal data across an entire organisation and every customer touchpoint.
1: Gaining consent of the data subject
2: Ensuring there’s legitimate interest
3: Performance of a contract
4: Compliance with a legal obligation
5: Protecting the vital interests of a data subject or another person
6: Ensuring the performance of a task is carried out in the public interest
How the 5Ws and the 6Ls align to GDPR articles
| GDPR Article | Primary Consentric Function |
|---|---|
| 6. Lawfulness of Processing | DPO policy admin, configurable permissions matrix, validity periods |
| 7. Conditions for Consent | DPO policy admin, configurable permissions matrix, validity periods |
| 9. Processing of special categories of personal data | DPO policy admin, configurable permissions matrix, validity periods |
| 12. Transparent information, communication and modalities for the exercise of the rights of the data subject | Permissions statements, privacy policies, citizen and organisation dashboards, audit histories, subject objection capture and handling, right to erasure capture and handling |
| 13. Information to be provided where personal data is collected from the data subject | Permissions statements, privacy policies, permission capture widgets, consent receipts, system/channel source codes |
| 15. Right of access by the data subject | DPO policy admin, configurable permissions matrix, permissions statements, privacy policies, edit personal data, subject objection capture and handling, right to erasure capture and handling |
| 16. Right to rectification | The ability to edit personal data where held on the platform |
| 17. Right to erasure (right to be forgotten) | Right to erasure capture and handling |
| 18. Right to restriction of processing | Data Subject objection capture and handling |
| 20. Right to data portability | Consent receipts, audit history |
| 21. Right to object | Data Subject objection capture and handling |
| 22. Automated individual decision making, including profiling | DPO policy admin, configurable permissions matrix, validity periods |
| 24. Responsibility of the controller | DPO policy admin, configurable permissions matrix, validity periods, audit history |
| 30. Records of processing activities | DPO policy admin, configurable permissions matrix, validity periods, audit history |
| 32. Security of processing | Selection reporting |
If you’re relying on Legitimate Interest, the right to object to a processing activity should, where possible, be made available electronically. Consentric empowers an individual to achieve this.