Managing Consent

Consent Management in Open Cloud MDM enables the capture and administration of user consents in compliance with various data privacy and protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This feature allows for the handling of active or inactive individual consent records, whether stored within Open Cloud MDM or external systems.

Effective from May 25, 2018, GDPR mandates that organizations globally obtain consent from EU citizens before processing their personal data. For further details, refer to the official website at www.eugdpr.org.

Similarly, CCPA, effective January 1, 2020, requires organizations handling personal data of California residents to obtain their consent. This act empowers residents with rights to information about data collection, disclosure, and the choice to opt out of data sale, alongside access to their personal data.

In this context, the term "individual" refers to the person owning the personal data and consent. This term is consistently used across Consent Management documentation.

Consent is explicitly linked to a specific processing purpose, such as marketing or healthcare. Each purpose is tied to one or more processing activities, defining the treatment of personal data, like storage or dissemination.

Individuals may consent to all purposes and activities, or choose to limit their consent. For example:

1. Customer A: Currently uninterested in any new hardware right now but agrees to be asked again one year later.
2. Customer B: Wants to receive newsletters regarding new business magazines on his private email address only.
3. Customer C: Wants to receive an email when a new Apple iPhone is available. However, because customer C is only 12 years old, you need the consent of a parent.
4. Customer D: Wants to receive a phone call when a new Mercedes AMG or Range Rover Vogue is available but refuses to be contacted via her business phone number.
5. Customer E: Looking for a new property, agrees to his contact data being forwarded to specific real estate brokers.

Consent Management facilitates the handling of these varied consent requirements. It allows the consolidation of individual consent preferences into a single consent item, specifying applicable regulations like GDPR or CCPA.

A consent item can indicate the consent status, data subject, and the giver or withdrawer of consent. It can denote whether the consent is full (unrestricted) or partial, with limitations on personal data or processing purposes. For partial consent, you can specify included or excluded personal data and add provisions detailing covered items for a processing purpose.

Consent Management provides services for creating and managing consent items and allows users to view and modify consent settings through the MDM Workbench user interface. Integration with the Governance Catalog facilitates the application of business consent definitions within Open Cloud MDM.

Consent Management Data Sources

In the context of Hybrid Master Data Management (MDM) within Open Cloud MDM, the management of consent data is facilitated through three distinct but interconnected models: Physical MDM, Virtual MDM, and integration with External sources. These models together provide a comprehensive and flexible approach to managing consent across various data environments.

1. Physical MDM: This model is linked to the 'physical' parties managed within the Open Cloud MDM system. Here, the term 'physical' refers to the direct and tangible data entries and records that are stored and maintained within the MDM database. These records can be searched and accessed through an attribute-based search mechanism. This means users can locate specific MDM parties (individuals or entities) by querying their attributes (like name, location, contact details) to manage consent related to these records.

2. Virtual MDM: In contrast to Physical MDM, Virtual MDM deals with virtualized data records. These are not stored directly within Open Cloud MDM but are referenced and linked within it. This model offers a more dynamic and flexible approach, allowing the MDM system to connect with and reference data from multiple disparate sources, presenting a unified view. These virtual MDM records can be searched and accessed either through their attributes or by using a specific record ID. The Consent Management user interface in the MDM Workbench displays consent items related to these virtual records, enabling users to manage consents for data that is not physically held within the Open Cloud MDM system but is crucial for business operations.

3. External Sources: This aspect of Hybrid MDM involves managing consent for data subjects whose profiles are outside the Open Cloud MDM system. These external sources can be other databases, applications, or cloud services that contain relevant data but are not directly controlled or accessed by Open Cloud MDM. Due to this separation, Open Cloud MDM cannot directly query or manipulate the profile information within these external systems. However, it can manage and display consent items associated with external identifiers. This functionality is crucial for organizations that operate across multiple data platforms, ensuring that consent management remains comprehensive and compliant with various data governance standards, despite the decentralized nature of the data.