Personal data guardian. A new role.

Image of your Consent Record which helps you become your own personal data guardian. Data controllers and processors are starting to realise some of the implications of GDPR (the new General Data Protection Regulation – which was enacted 25th May 2018). One of these implications is that your role has been enhanced to become a personal data guardian.

What is this personal data guardian role precisely?

The premise is that due to GDPR citizens/customers/users now have new rights. Specifically the right to know what personal data you process, and the right to be forgotten. Which means that ownership of personal data is the individuals, you are simply a custodian and guardian of this data whilst it is in your domain.  Not forgetting the need to get consent to process personal data in certain circumstances.

Organisation-wide impact

This change in responsibility for personal data has an impact across an organisation. As previously held norms no longer apply, previous assumptions are no longer valid. The impact of GDPR will be widespread. It should though, lead to improved security and confidence in organisations that process our personal data.


Protection is the key word in GDPR.  Protecting data is fundamental which is now motivating organisations to know what personal data is being processed, for what purpose. Organisations also need to know where that data is being processed, who has access to this data and for what purpose(s) are they using that data. Once an organisation has completed this assessment (called the Privacy Impact Assessment – aka the PIA) it is now in a great position to become GDPR compliant.

Not Just a tech thing

Compliance, however, is not all about technology. It should be more about training, culture change, process change and a more transparent relationship with your customers. GDPR is a massive business opportunity.  Because it give you:

  • A chance to engage.
  • An opportunity to build trust in your brand.
  • Permission, with the customer’s consent, to know even more about your customer
  • A better chance of making your customer happy
  • All at the same time as improving your operational effectiveness.

Post PIA Actions

Where though do you start? Post the PIA, organisations will be focusing on legitimate interest to process personal data and have a clear privacy policy. Plus ensure the house is in order in terms of process, security and the staff know about GDPR and their responsibilities.

Direct Marketing needs a fix

One outlier will need a new fix. This is a need to have consent for direct marketing purposes. The previous regime of web tracking, buying email lists and mass targeting is over. Now organisations need to get consent from their contacts/customers/users to engage in direct marketing.  What you need is…

Consent Management Platform

…a consent management thing.  You need a service that enables an organisation to easily deploy a web plugin, that is run in the user’s preference centre, or as part of the sign-up process to your brand. Consentua is this service.  It describes to the user very clearly what data is being used for what purpose. They can then choose to give consent or not. Simple to deploy, even easier to use.

Tell me more about Consentua!

Consentua is made up of the following:

  • An easy to use framework accessible via a dashboard, used for the creation of your own consent templates, accessing your dedicated & secure client consent service(s).
  • Connects to a secure, highly available data repository which stores your user’s consent receipts.
  • Users interact with the API via a series of SDKs available for iOS/Android/Web.

Simply put it is a standards-based consent hub.  Which provides an organisation a single consent repository, who they choose can access the receipts stored there, be they internal or external actors. The consent receipt (based on the Kantara Initiative Standard) is the audit point for GDPR consent compliance.

Flexible Control

The API provides a really flexible consent service that puts you in control over the personal data being requested.  Whilst at the same time giving the end user real choice and control over how their personal data is used.   Consent engagement builds trust and allows an organisation to grow their scope of purpose for the different types of personal data being used.  This is a  demonstration of being a good personal data guardian.

Consentua helps Personal Data Guardians

To wrap up, in this new post GDPR world, organisations need to focus on protection, transparency and building trust.   They are now temporary guardians of their user’s personal data, which means they will need to work hard to earn this trust as the user is now in control.   Anything that can make that transition to the new role easier should be embraced with open arms.

To know more about Consentua, go to or

Article updated 29th May 2018 to take into account the enactment of GDPR