When you enter data on behalf of another person, you must ensure that you ask them for their consent to process their data, and if you wish to contact them with marketing materials, then you also need to ask them explicitly if they would like to receive marketing materials and, if so, by which channels.

For example, if you are on a phone call with a prospect, then you must explicitly ask them for consent to process their data and for consent to send them marketing materials, and then you need to record their consent.

Consent must be freely given to you. You can obtain consent in several different ways: verbally, from third parties, by email, and so on. You must always ensure that the consent you have received from users is acceptable and that you have a record of their permission to process their data. What constitutes as acceptable consent is up for interpretation and will depend on the individual, your university's policies, your country's data protection authority and the GDPR.

When creating a profile for a data subject you must record their data processing consent, their marketing consent and the source and date of their consent, like so:

Similarly, when importing profiles you have the same requirements as when creating a profile. Please note when importing, that all of the data subjects contained in the file being imported must have the same consent, since it is only possible to specify the consent for the whole import file instead of row by row. If you have data with separate consents you must import these files separately.

If someone contacts you and asks you to update their consent and you already have their information in an existing profile, then you can record their consent by following the steps below.

1. Go to the person's profile

2. Click on the Advanced tab

3. Click on the Policies tab

4. Click Add policy agreement

5. Fill in the pop-up according to the onscreen directions, remaining faithful to what your user prescribed

6. To submit when you’re done, press Add agreement

Auditing

FULL FABRIC keeps an audit of processing consent, which is available for consultation in the user's profile, more specifically in the aforementioned Policies tab. Refer to the article Reviewing the consent a person has given for more information on this.

Did this answer your question?