EU General Private Data Protection Regulation requires to obtain a clear and explicit consent from the people you use their data.
The ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her by way of a request presented in clear and plain language.
How can we do?
It's up to you to choose the policy you want to apply. But think about responsibility that means your risks, and of course adapt to your own particular case and data sensitivity.
GDPR - regulation is quite general on 'personal data' and sensitivity talking about data that can permit directly or indirectly, or through mixed, combined data to identify a natural person or to 'profile' it, and data that, if misused, could be detrimental to it, damaging it and have significant consequences.
So name, e-mail address, IP, GPS data, ID's, gender, birth date for example must be considered as personal data, as well as data related to health, politics, sex, religion among others are sensitive personal data.
Where someone consents to the processing of their personal data, you can only process the data for the purposes for which consent was given.
Furthermore, you must give them the opportunity to withdraw their consent.
1 - Use e-Mail tools
Using e-mail template management tool, you can create e-mail templates for this purpose.
This is the most common way used. It is appropriate in very simple and not sensitive cases. For exemple:
- subscription to a news letter,
- by online registration, to confirm acceptance of Term of Services
You will use a single link inside the e-mail template.
Pay attention to the text of your message that must be clear unambiguous about the purpose and data processing.
And it is a good approach to gives the option to withdraw consent.
Caution : by e-mail you cannot be sure about who is really acting. Therefore do not use this way for more important and sensitive cases. As a minimum, proceed by sending a confirmation request e-mail.
Tips & Tricks
As online registration and news letters most often are made on your web site, it's better you send this confirmation and request for consent e-mail using I.M.S. to have all the GDPR stuff and tracking related inside one data management system. By an other way it will be very costly to search passing through all your various chanels and applications, and risk is high you cannot find it and track the timeline of the full procedure.
2 - Select people and send information
Now you can use your templates
- manually : just select the person, a list of people or "all" in I.M.S. List View, Select Send e-mail, Select the template and Send
- automatically : using I.M.S. Automation tool
and the selected people will become the e-mail with template (case of populated with the data you insert in as variable).
Your link must send the data subject's consent back to you, and you must record this event to be able to demonstrate effective and valid consent if needed. Using I.M.S. you can track and have reports, and also you can automate processes to optimize your management system and secure the fact you keep ever in compliance to GDPR.
3 - Use Webform tool
For more complex consent, you can use I.M.S. Webform tool.
It allows to build a full customized form with fields, check boxes, list boxes and input control.
You can implement the webform on your website and thus achieve integration between your website and your data management system.
Before you create your webform, check if you have all data fields you need present in I.M.S.
Remember, you can create in I.M.S. any field you need, as you like.
Tips & Tricks
For existing contacts you need to collect consents from (typically GDPR implementation), use e-mail tool to send them a message as presented here in item 1 with a link to your webform.
I.M.S. Webform tool
4 - Use Customer Service Portal
To build a better experience and provide better services you will use I.M.S. Customer Service Portal.
It offers a permanent, secured direct online access and much more usefull things.
Without any efforts and resources for data communication and consent management, the portal will help to create a real relationship.
You will be sure only the person who have an access / login ID can manage her consents and data communication between I.M.S. and the data subject is encrypted.
Also, your contact have the option for sending online a Service Request (using the "Tickets tool") which can be forwarded automatically to your Data Processor Officer or any department, your help desk or any one.
Advantages are the Ticket tool provides dasboard, reports, alert options and also gives your contact an event driven feedback, follow up. Within the ticket you can see and track events, actions and comments, files and documents attached as well as the status during full ticket live cycle.
A very good, more intelligent and more flexible way to manage your contacts consent.
The bonus is that this tools are natively, perfectly and fully integrated with the entire data management system and his relationship management.
You and the contact can interact, exchange comments, files and work digital, in a safe and uncomplicated way.
You can see above the e-mail Opt-out status for the contact.
Consent Request by Ticket
5 - Use Campaign Tool
For sure you will have various contact types, categories, and probably in various countries. As well as you will have new contacts and existing contacts.
I.M.S. Campaign tool offers you a way to group your contacts as you like to proceed them the right way, i.e. sending the particular webform, the particular consent request, in the local language.
With Campaign you optimize your process and your follow-up as you will use a Campaign to send them as an example a consent request in one click without having to filter, select it in the List View each time.
Campaign offers you also some Campaign reports and time frame, budget, target managing.
Campaign is a tool very useful for bigger, important organizations or to proceed large volumes (i.e. by GDPR implemantation) for workload organization and progress, costs, return monitoring and analyzing.
Tips & Tricks
You can assign each Campaign to an employee or a team to distribute the work, to divide the workers according to scopes, countries, and even to manage performance.
Above a list of people selected to be part of a particular campaign.
Turn the data information obligation (GDPR) to an added value opportunity !
Build stronger relationship.
If you are a larger, more complex organization, or you are processing particularly sensitive data, have some special requirements in your country or have to manage several countries regulation, or have in your industry special regulation and needs (i.e. health, financials, etc...), have appointed a DPO (Data Protection Officer) or your needs are more sophisticated, we offer to use our GDPR specialized application services.