The record of processing activities is a document governed by Article 30 of the GDPR. This information is not only intended for potential use by the supervisory authority, but also to ensure an organization has an up-to-date view of the procedures that are in place.
The Data Controller is responsible for this document. It is imperative that both up-to date records and a complete history of the data that has been processed, together with any changes, are readily available. The record must be in written form, including electronic versions.
The Changes of the customer’s consent page within the Contactlab Marketing Cloud Hub module, supports the Data Controller in monitoring Data Subject consent changes over time. However, it is only available to platform users with the appropriate permissions. Contact Contactlab Customer Care for more details.
To view any changes to an individual contact’s consent page, do the following:
- Sign in to Hub, click the Customers tab, and select the appropriate contact on the Customers management page.
The Customer details page displays. - Click the Consent tab.
- The Consent button displays a read-only list of active consent categories for the relevant contact, together with any limitation or objection settings.
- The Registry button displays a timeline of any changes made to consents, the Right to be Forgotten or the Right to Data Portability.
- Click Registry.
An event is automatically generated each time a consent is mapped or modified. These events are stored for the entire duration of the contract between Contactlab and the Data Controller.
The following events can be generated when a consent is changed:
- Disclaimer accepted.
- Consent changed.
- Restriction.
- Right to Object.
- Right to Data Portability request.
- Right to be Forgotten request.
The following information is inserted in each generated event and the timeline:
- Date.
- Customer ID.
- Source.
- Operator ID (if the changes are made using the UI).
- Consent Type (only for changes to consents).