If using the Consent Approach, the Consent and Permission studio gives a constant overview of the status of consent for all the Candidates and Contacts an Agency is working with.
The ICO states “When you obtain personal data from a source other than the individual it relates to, you need to provide the individual with privacy information:
- within a reasonable of period of obtaining the personal data and no later than one month;
This studio is therefore useful in monitoring Individuals where you need to gain consent to process their data within one month of receiving it.
Within My Studios, select the Consent and Permission. The studio has 2 widgets, one each for Candidates and Contacts. Use the usual filters to display by Region, Office, Team and Consultant.
Note: To aid performance, the Candidate Consent Studio widget initially only loads Candidates with a status of Registration Incomplete.
Additional filters allow users to show people not contacted within the:
- Last month
- Last 3 months
- Last 6 months
- Last year
- Last 2 years
Use this filter in conjunction with the Consent Obtained Flag to show who you have not contacted in the last ‘month’ where you don’t have consent, perhaps for new Candidates. The Consent Flag column will show a ‘N’ against those where consent has not been obtained.
This will be your trigger to run the Consent/Permission Request workflow. This can be run in batch from this studio. Select the Candidates required, then use Batch, Request Consent:
Note: Users can monitor the expiry date of the consent using the Expires On column. When the expiry date is close, users can choose to run the Refresh Consent workflow in batch in the same way. When an expiry date has passed, it will be highlighted in red.
When ready to record consent, users can run the Record Consent/Permission workflow from this studio. Use the icon:
against each person line.
Users will be able to display various metrics such as: -
- Date Consent Recorded
- Permission Date (when Other Processing Method such as Legitimate Interest is logged).
- Date Last Contacted
- Home or Work Phone and Mobile numbers
- Access Request Sent (link to the GDPR Portal sent to the Individual)
- Expires On (this is the date set by the user when running the Record Consent/Permission workflow)