OneTrust has added consent management and consent preference management in a platform for marketers that came out of Beta early March 2018. How the OneTrust consent management solution can make life easier for marketers and fits in attaining GDPR compliance.
Consent and consent (lifecycle) management are among the toughest parts of the General Data Protection Regulation (GDPR) in practice. Under the GDPR consent is one of the legal bases for lawful processing of personal data.
Establishing and documenting the validity of consent is among the most widely discussed topics for marketers ahead the impending overhaul of EU privacy laws (OneTrust CEO Kabir Barday)
On top of ‘regular’ consent, as one of those legal bases, there is also a requirement for explicit consent in specific circumstances, with a de facto narrow line between both.
Gaining consent (or regaining it as often happens in marketing where quite some companies do ask consumers to re-consent) as such is already hard for many organizations with still quite some confusion and uncertainties as we noticed when participating in a recent data protection officer roundtable (more about that below). Moreover, getting people to consent or reconsent of course is just part of the full consent management or consent lifecycle management picture.
Consent management remains a challenge
Consent management encompasses various ‘tasks’ and aspects. By way of example: when consent is the legal ground, a data subject can withdraw consent, on top of his/her several other data subject rights such as the right to data portability and right to erasure, to name a few.
Moreover, it’s up to the data controller to demonstrate that consent has been given and is valid (in practice meaning an audit trail of who consented when, how, why and via which message and information regarding the purpose which on top needs to be expressed in a clear and informed, unambiguous way).
And there are several rules to take into account that all have an impact of consent management besides those just mentioned. Consent should be specific and granular (per purpose), distinguishable from other matters, tied to the purpose (so when the processing purpose changes, the consent needs to be asked again) and limited, to name a few.
All this is extremely hard for many organizations with granularity being just one of many challenges to implement consent management mechanisms in practice and consent in the scope of marketing being a major headache, also since we interact with consumers via so many channels for so many purposes nowadays.
Moreover, it’s not just about GDPR compliance. It’s clearer and clearer that with the ePrivacy Regulation consent will be needed in several marketing conditions, especially but not solely via electronic channels.
Today, @OneTrust announces Universal Consent & Preference Management, a new solution to manage the consent lifecycle and remain accountable to #GDPR and #ePrivacy obligations. Register for our webinar here: https://t.co/dqV6ZeczKG pic.twitter.com/DARmQlRviw
– OneTrust (@OneTrust) March 6, 2018
Consent management tools: the OneTrust consent management and consent preference management solution
There are ample consent management solutions and tools, some specifically built for compliance with privacy and data protection laws, others part of master data management (MDM) solutions (of which some have consent management features), several in the sphere of identity management (with consent management features too), still others as part of broader compliance solutions, the list is long.
With consent management applications being one part of the overall stack of GDPR technologies and consent being a major concern in marketing, there isn’t a one-size-fits-all solution. Is there ever?
Yet there is definitely a growing interest for consent management applications which often fit in an integrated modular offering of personal data protection and privacy management software. One of the providers of such an offering is OneTrust. It’s of course been around since quite some time and as it happens we also use it for our cookie consent and website scanning.
The OneTrust Universal Consent and Preference Management consent management workflow in a nutshell – source, courtesy and more information OneTrust
OneTrust also provides other solutions such as a subject access request portal (enabling data subjects to exercise their rights and companies to deal with those requests) to name just one and OneTrust’s Universal Consent and Preference Management application has been available in Beta since some time, featuring in the OneTrust dashboard.
On March 6, 2018 and, as it happens while we were writing an article on consent management tools and applications, OneTrust announced that it has officially launched its Universal Consent and Preference Management solution.
OneTrust’s consent management platform particularly of course focuses on marketing departments. It integrates into existing marketing and IT technologies, enabling marketers to manage the full consent lifecycle, from collection to withdrawal as the press release on the launch of the OneTrust consent management platform states.
With OneTrust serving as the central consent database it can be adapted to different consent models, frameworks, sectors and jurisdictions. The platform also takes into account the various means through which consent is acquired, from in-person interactions, paper forms, via phone and mails to web forms, apps and the likes.
Moreover, as the name Universal Consent and Preference Management indicates, the OneTrust consent management platform is also a consent preference hub granting data subjects visibility and control over marketing communication settings.
As a marketer you undoubtedly know what an email preference center is. Think of a consent preference management center as an updated version of that good old concept but instead you allow contacts to set preferences on what types of communications they want to receive via which channels, at what frequency and so forth. And when they fully opt out it’s as if they unsubscribe. And as any decent marketer knows that’s not just a legal right but there is also little sense in blasting mails to people who are disengaged anyway.
Integration of the OneTrust consent management platform and the marketing technology stack
The marketing platforms with which OneTrust Universal Consent and Preference Management can integrate more or less cover the full marketing technology stack, from Web content management systems (including the more common and simple WCMS applications from Joomla and Drupal to even WordPress) and marketing automation platforms (with, among others Marketo, SilverPop, Eloqua and SalesForce’s Pardot) to customer relationship management, data warehouses and identity management applications.
OneTrust Consent Management now out of the Beta stage
There are two editions of OneTrust Universal Consent & Preference Management. The standard version supports up to 20 collection points and most features, including (obviously) the central consent and preferences databases, enterprise application integrations, reporting and more.
Creating reports regarding changes in consent is of course not just important from the regulatory perspective but also for marketers themselves who can dispose of reports to gauge their efforts and levels of engagement.
In the enterprise version the number of collection points is unlimited, you get a sandbox environment and enterprise SLA, dispose of roles-based access controls, have over 35 supported languages (standard offers English and an additional language) and get 10 OneTrust Certification exams.
While the standard version is available via the cloud (with options for cloud hosting in the EU or in the US), additional hosting options are offered in the enterprise version (private cloud and on-premises).
OneTrust Universal Consent & Preference Management is part of the marketing and web compliance tools of the company which further include the mentioned data subject access rights portal, the cookie consent and website scanning and policy and notice management.
Cookie consent and website scanning is free for one site (as previously announced in collaboration with the IAPP). The other modules have separate pricings. All OneTrust tools, including OneTrust’s privacy program management tools, are accessible via the same dashboard.
Consent receipts in the new OneTrust Universal Consent Management and Preference Management – picture source and courtesy OneTrust
Consent management at a granular level
At the previously mentioned data protection officer roundtable it wasn’t just clear that consent management is still a headache but also that there definitely is an appetite for consent management platforms as OneTrust now also offers one.
It does make life much easier participants agreed, certainly given the difficulty of consent and consent management with all associated duties and tasks.
OneTrust’s ability to deliver innovative solutions that address specific needs for marketers demonstrates our commitment to simplifying compliance throughout the entirety of an organization (OneTrust CEO Kabir Barday)
Just in case of doubt: there are not that many companies that offer consent preference at the type of granular level platforms like that from OneTrust enable. Some go even further but those are the real exceptions (and how many checkboxes can one bear?). The kind of granular consent settings mentioned above (type of communications, channls, frequency,…) and offered by solutions such as the new OneTrust consent management and consent preference management solution are typically mentioned as examples of excellence on websites and at conferences, also at the mentioned DPO round table…
The data protection officer roundtable took place at the occasion of the launch of a series of DPO conferences with the first one starting in Brussels, Belgium, in April.
More about the OneTrust consent management and consent preference management platform in the press release and the video below. A more recent video and details about the platform here.
Top image: Shutterstock – Copyright: garagestock – All other images are the property of their respective mentioned owners. Although the content of this article is thoroughly checked we are not liable for potential mistakes and advice you to seek assistance in preparing for EU GDPR compliance.