Consent Management: Fundamentals
In this tutorial, we'll briefly walk through what consent management is, how consent is served, why it's important, and how to automatically serve the approriate notices and gather consent for your users.
After reading this, you'll be familiar with the key terms and concepts of consent management.
Consent in the context of data privacy and data governance is the need to collect consent from your visitors (data subjects) in order to process their data.
For your organization to correctly comply with data privacy regulations, you must ensure that you:
- Serve your users the appropriate notices for how you process their data and,
- Ensure that you collect a record of consent, where it's necessary based on location, and
- Enforce consent on all internal systems, business processes, and third party vendors.
The full definition of consent under the GDPR is complex to understand but a helpful way to think of it might be defined as:
Consent is a clear indication by a Data Subject that they clearly understand and agree to the processing of their personal data for a specific use.
To simplify and further automate consent, Fides breaks configuration into three components:
- Privacy Notices: the text notification presented to your visitors about your data processing activities.
- Methods of Consent: the type of consent you must collect, depending on the visitors location.
- Privacy Experiences: the way the privacy notice and consent are displayed to the visitor on your website.
In the following pages, we'll break down privacy notices, methods of consent, and privacy experiences.