BigID adds consent governance capabilities ahead of CCPA

BigID introduced new consent governance capabilities to the BigID platform. The enhancements help organizations correlate consent logs from existing applications with data and people to provide a centralized view of consent without centralizing its collection.

Under the EU’s General Data Protection Regulation (GDPR), consent is one of the principal bases for lawful processing. The regulation requires organizations to obtain consent from data subjects and provide clear language on what data they collect and how it is processed.

Consent is collected natively in web, mobile apps or through third party consent collection products. BigID helps companies bring diverse consent logs under one view without re-engineering applications or having to move data.

According to Gartner, “Consumer confusion and privacy-conscious consumers will likely create a great deal of difficulty for organizations needing to manage consents by constantly providing and withdrawing consent. As privacy regulations continue to change, consent management will creep to the top of the priority list.”

With BigID’s new consent governance capabilities, organizations gain:

• Compliance monitoring and policies, making it easier to identify applications not collecting consent and data subjects whose consent was violated;
• Consent expiry inspection, enabling the discovery of all records of data subjects with overdue consent;
• Data subject access requests, providing proof of consent and the comparison of consent to actual purposes of use;
• Data mapping and records of processing activities (ROPA), to monitor consent collection by application and alert on discrepancies and initiate remediation workflow.

“In order to meet today’s evolving data privacy regulations, like GDPR and the California Consumer Privacy Act (CCPA), organizations need to be able to operationalize consent and integrate consent preferences with data processing and transfer decisions. Today’s consent management products, which essentially act as databases, cannot govern whether consent is honored by applications,” said Nimrod Vax, chief product officer of BigID.

“BigID’s unique approach to consent governance enables organizations to correlate granular consent logs to individual identities and govern that the use of data complies with the consent provided, making consent a practical, proactive practice for data privacy protection.”