Two stand-out capabilities

The GDPR brings a significant shift in data responsibilities. All organisations – public and private, big and small – must ensure they hold personal data both securely and strictly in accordance with the consent granted by the individual concerned or another lawful basis that has been documented and communicated to them. The organisation’s brand will live or die by being able to achieve this.

That’s why, at its heart, Consentric has two stand-out capabilities that align to the GDPR.

The 5Ws

Consentric’s first is the ability to apply our unique 5W framework – a system that records 5 key pieces of data – to every single subject.

What personal data has actually been collected?
Who is using or has access to that data?
Why the data has been collected – its purpose?
When the data was collected?

And, Where the data was captured and stored?

The 6 Ls

Consentric’s second key capability is the means to handle ALL the 6Ls – the 6 lawful bases for processing personal data across an entire organisation and every customer touchpoint.

1: Gaining consent of the data subject
2: Ensuring there’s legitimate interest
3: Performance of a contract
4: Compliance with a legal obligation
5: Protecting the vital interests of a data subject or another person.
6: Ensuring the performance of a task is carried out in the public interest.

How the 5Ws and the 6Ls align to GDPR articles

 

GDPR Article Primary Consentric Function
6. Lawfulness of Processing DPO policy admin, configurable permissions matrix, validity periods
7. Conditions for Consent DPO policy admin, configurable permissions matrix, validity periods
9. Processing of special categories of personal data DPO policy admin, configurable permissions matrix, validity periods
12. Transparent information, communication and modalities for the exercise of the rights of the data subject Permissions statements, privacy policies, citizen and organisation dashboards, audit histories, subject objection capture and handling, right to erasure capture and handling
13. Information to be provided where personal data is collected from the data subject Permissions statements, privacy policies, permission capture widgets, consent receipts, system/channel source codes
15. Right of access by the data subject DPO policy admin, configurable permissions matrix, permissions statements, privacy policies, edit personal data, subject objection capture and handling, right to erasure capture and handling
16. Right to rectification The ability to edit personal data where held on the platform
17. Right to erasure (right to be forgotten) Right to erasure capture and handling
18. Right to restriction of processing Data Subject objection capture and handling
20. Right to data portability Consent receipts, audit history
21. Right to object Data Subject objection capture and handling
22. Automated individual decision making, including profiling DPO policy admin, configurable permissions matrix, validity periods
24. Responsibility of the controller DPO policy admin, configurable permissions matrix, validity periods, audit history
30. Records of processing activities DPO policy admin, configurable permissions matrix, validity periods, audit history
32. Security of processing Selection reporting

 

If you’re relying on Legitimate Interest, the right to object to a processing activity should, where possible, be made available electronically. Consentric empowers an individual to achieve this.