Consent Management is a New Opportunity

Many organizations, especially in the B2C sector, are looking at how to capture and manage Consent data. Some of these organizations see this as a major challenge yet others see it as a massive opportunity. In this blog, I explore these ideas a bit further:

Consent Management: The Challenge

The first challenge for many is around the actual consent capture process. Many organizations are carefully examining their current approaches and some are finding that they’re going to have to rethink how this happens.

Consent Management
Many organizations are carefully examining their current approaches around the actual consent capture process

Some, I’ve spoken to are busy building new capabilities into their mobile apps and web systems to provide a single point of consent capture without having to invent a new process or deploy new technology; others are busy updating forms or creating bespoke systems. I would argue this is probably the easier part of consent management.

The challenge comes when an organization needs to associate the given consent to a specific individual. Sounds like that should be easy, yet many organizations find this difficult as they have personal data on individuals scattered around their business, sitting in business siloes or having different ways of identifying the same individual across systems and processes. It becomes difficult as many organizations have no enterprise-wide view of data about individuals, remembering that by individual we could be referring to customers, employees, clients, temporary staff etc.

The technology to help solve that problem has been available for some time yet many organizations still haven’t embraced this approach. Informatica’s Master Data Management (MDM) platform provides an ideal choice of solution to help address this challenge, something we call Consent Mastering. We can use this technology to associate the captured consent data with a specific individual and hold this in a central location.

Now we’ve got the consent data and we know how it’s associated to a specific individual across the business landscape, our second challenge is accessing the consent data. Having the consent data in one place is great, but we need to consider how to make this accessible to the business applications that’ll need to know this to operate appropriately in this new GDPR world. We have two practical suggestions:

  1. ‘Push’ the data to the systems that need it. Technology is available that can take any new, updated or changed consent data and send it to a wide range of applications that need this to operate effectively. In this scenario, pushing the data towards the applications is only part of the answer – the big question is what will the receiving application do with this data? Many applications, including legacy systems, have no real concept of consent and what it may mean, so these will need to be modified to understand and interpret the consent data sent to them.
    • This approach has the benefit of ensuring consent data is always available in the downstream applications although the data is only as up-to-date as when it was last ‘pushed’ to the system
  2. ‘Read’ the consent data, dynamically, as the downstream applications operate. This will require the downstream applications to be able to call the Consent Master automatically, as part of their regular operations, and read the current state of the consent data.
    • This approach has the benefit that the application will always be reading the very latest and most up-to-date consent data although this does make the Consent Master an operationally business critical system.

Consent Management: The Opportunity

I’ve heard from many in the compliance community that having to ask for consent from individuals will be a major business issue. The issue is the perception that if any organization should go out to its data subjects and request consent for data, that those individuals will say ‘no’ to everything and suddenly the organization will no longer have access to a huge amount of data it may consider critical to its operations. Requesting data for marketing purposes is one possible area that might be impacted. I think this is a negative way to look at this.

I see a scenario where we have two potential ways of turning this into an advantage.

  1. If organizations want to be able to quickly and easily react to the rights of data subjects (i.e. subject access request) then they’re going to need to bring together, through the Consent Master, all the data the organization holds about individuals. For many organizations, this will be a great deal more information than is already made available, especially through many existing Customer 360 programmes.
  2. The needs of consent under an GDPR initiative should be an opportunity for a reconsider of why an individual may, or may not, give their consent for something. I’d argue that many individuals might be tempted to say ‘no’ to a consent request when they don’t see the value in them saying yes. So maybe now is the time for organizations, especially their marketing and communications departments, to relook at what ‘value’ an individual would get and how this would help them to be convinced that agreeing to a consent request is something they’d want to do.

Putting these two factors together means organizations, may, be in a much better position after having requested consents from individuals, than they were previously.

Consent Management is Both a Challenge and an Opportunity

Many organizations are realising that the capture and management of consent data isn’t that straightforward but has some distinct benefits when done properly. To see how Informatica makes consent management simpler and easier, follow the link to our GDPR landing page.