Sign in

High level description of service components

Permissions Store

Purpose:

  • The “source of truth” providing what a user has given permission to in terms of processing and sharing of data

Main goals:

  • Store and manage permissions (consent & objections)
  • Provide a unified view (state) of what processing is allowed for a specific user based on given consent (purposes & data types) + accepted objections to processing

Dependencies on other components:

  • Notification service:

    • Once a consent is given or revoked, as well as objections to data processing is accepted and stored, we need to notify clients so they can act on these changes.

Privacy Registry

Purpose:

  • A registry of

    • processing purposes
    • data objects affected by these purposes
    • if the data objects are shared with third parties
    • retention
    • and what legal ground is tied to them.
  • This information is needed for

    • creating compliant dialogues with end users during consent gathering
    • show the data processing purposes for a service on the privacy management portal (allowing for revoke/give consent, objection of legitimate interest purposes and for transparency requirements by GDPR)
    • for service providers to comply with GDPR, the registry will function as a record of processing activities (art.30)

Main goals:

  • Store and manage data processing purposes, data objects and parties related to these purposes (controllers, processors, recipients, etc)

Notification Service

Purpose:

  • Solve synchronisation and communication needs between services and systems by notifying clients and users of the platform when data changes (consent, profile data, etc)

Main goals:

  • Provide notifications of changes/actions through APIs, event streams or web-hooks to clients
  • Manage different types of messages (fire & forget, retries, payload context, etc)

Privacy Requests Service

Purpose:

  • Store and maintain status of requests from end user to services (data subject right requests)

    • Consent changes
    • Objections to data processing purposes
    • Requests for data access/portability and erasure

Main goals:

  • Store and provide message content and status of data subject requests

Dependencies on other components:

  • Notification service:

    • The notification service must maintain a link between requests and responses from services, updating the status of the requests (acknowledged, pending, completed).