ARCHITECTURE

Provisioning + Invite

The initial process is to provision the GDPR authority with the personal infos stored in your database.
This is the duty of a custom connector linked to your database.
Every contact registered will receive an invitation from the GDPR authority to approve consent for your application to access his personal infos as defined in the GDPR license.

Authorization notification

Once the individual approve consent on the condition and terms of the GDPR license protecting his personal infos,
your application will receive a notification trhough the custom connector linked to your database.

Probe authorization

Your application will probe authorization against the GDPR authority to check that your application is still accredited to access+process+store personal infos of the contact (not expired, not revoked).

Expiration

GDPR involves the concept of expiration for authorization to store, access, process personal infos.
When probing authorization against GDPR authority for a specific contact, it may occur that the authorization has expired.
In this case, your application may request on-demand the GRDPR authority to invite the individual to renew its approval consent for your application to access his personal infos.
Once the individual renew authorization, your application will get notified through the custom connector linked to your database.

Automatic invite to renew consent when approaching expiration date

GDPR involves the concept of expiration for authorization to store, access, process personal infos.
Based on the policy your application requires, on near-expiration date, the GDPR authority will invite the individual to renew its consent previoulsy granted to your application to access his personal infos.
Once the individual renew authorization, your application will get notified through the custom connector linked to your database.


 

Pseudonymization

The purpose of "Pseudonymization" is to be able to share between applications, a reference to a ContactID in an obfuscated manner.

Secondary applications will be able to resolve contact details on-demand based on the PseudoID. The individual will be invited by the GDPR authority to approve consent for the secondary application requesting to resolve contact details from the PseudonymID of the contact.

Verification

Another aspect of GDPR is the ability for a contact to request from an enterprise to provide what personal information is stored in their system. This is the role of the GDPR authority to authenticate the request from a contact, submit this request to the enterprise through the application connector, and notify the contact about the consent infos obtained from the enterprise.


 

You may have questions before starting integration process to conform to GDPR,
feel free to ask your questions through the contact form.

 

En poursuivant votre navigation sur ce site, vous acceptez l'utilisation de cookies pour vous proposer des services et offres adaptés à vos centres d'intérêts. For more information