Personal data guardian. A new role.

Image of your Consent Record which helps you become your own personal data guardian. Data controllers and processors are starting to realise some of the implications of GDPR (the new General Data Protection Regulation – which was enacted 25th May 2018). One of these implications is that your role has been enhanced to become a personal data guardian.

What is this personal data guardian role precisely?

The premise is that due to GDPR citizens/customers/users now have new rights. Specifically, the right to know what personal data you process, and the right to be forgotten. This means that ownership of personal data is the individuals, you are simply a custodian and guardian of this data whilst it is in your domain.  Not forgetting the need to get consent to process personal data in certain circumstances.

Organisation-wide impact

This change in responsibility for personal data has an impact on an organisation. As previously held norms no longer apply, previous assumptions are no longer valid. The impact of GDPR will be widespread. It should though, lead to improved security and confidence in organisations that process our personal data.


Protection is the keyword in GDPR.  Protecting data is fundamental which is now motivating organisations to know what personal data is being processed, and for what purpose. Organisations also need to know where that data is being processed, who has access to this data and for what purpose(s) are they using that data. Once an organisation has completed this assessment (called the Privacy Impact Assessment – aka the PIA) it is now in a great position to become GDPR compliant.

Not Just a tech thing

Compliance, however, is not all about technology. It should be more about training, culture change, process change, and a more transparent relationship with your customers. GDPR is a massive business opportunity.  Because it gives you:

  • A chance to engage.
  • An opportunity to build trust in your brand.
  • Permission, with the customer’s consent, to know even more about your customer
  • A better chance of making your customer happy
  • All at the same time as improving your operational effectiveness.

Post PIA Actions

Where though do you start? Post the PIA, organisations will be focusing on legitimate interest to process personal data and have a clear privacy policy. Plus ensure the house is in order in terms of process, security and the staff know about GDPR and their responsibilities.

Direct Marketing needs a fix

One outlier will need a new fix. This is a need to have consent for direct marketing purposes. The previous regime of web tracking, buying email lists and mass targeting is over. Now organisations need to get consent from their contacts/customers/users to engage in direct marketing.  What you need is…

Consent Management Platform

…a consent management thing.  You need a service that enables an organisation to easily deploy a web plugin, that is run in the user’s preference centre, or as part of the sign-up process for your brand. Consentua is this service.  It describes to the user very clearly what data is being used for what purpose. They can then choose to give consent or not. Simple to deploy, even easier to use.

Tell me more about Consentua!

Consentua is made up of the following:

  • An easy-to-use framework accessible via a dashboard, used for the creation of your own consent templates, accessing your dedicated & secure client consent service(s).
  • Connects to a secure, highly available data repository that stores your user’s consent receipts.
  • Users interact with the API via a series of SDKs available for iOS/Android/Web.

Simply put it is a standards-based consent hub.  This provides an organisation with a single consent repository, which they choose who can access the receipts stored there, be they internal or external actors. The consent receipt (based on the Kantara Initiative Standard) is the audit point for GDPR consent compliance.

Flexible Control

The API provides a really flexible consent service that puts you in control over the personal data being requested.  Whilst at the same time giving the end user real choice and control over how their personal data is used.   Consent engagement builds trust and allows an organisation to grow its scope of purpose for the different types of personal data being used.  This is a  demonstration of being a good personal data guardian.

Consentua helps Personal Data Guardians

To wrap up, in this new post-GDPR world, organisations need to focus on protection, transparency, and building trust.   They are now temporary guardians of their user’s personal data, which means they will need to work hard to earn this trust as the user is now in control.   Anything that can make that transition to the new role easier should be embraced with open arms.

To learn more about Consentua, go to or

Article updated 29th May 2018 to take into account the enactment of GDPR.