The centralized consent point of truth The consent point of truth is a key concept in privacy management, referring to Trust Guardian’s centralized and reliable repository that gathers and stores all consents provided by data subjects and the related privacy events. Read more for your company.
Trust Guardian is our cloud-based consent management platform for centralized management of consents and all privacy events Privacy events encompass all actions and interactions related to the processing of a data subject’s personal information, such as data collection, updates, consent withdrawal, acknowledging a privacy notice, or exercising data subject’s rights. Read more . It integrates with company applications and safeguards all the information and evidence that protect your company in case of disputes or inspections. It manages data retention and offers the Centralized Consent Register, serving as the point of truth for consents within the company.
Are you sure you are collecting all the evidence to defend yourself?
With Trust Guardian consent manager, yes!
A centralized consent point of truth that provides a real-time updated snapshot of all consents and authorizations for processing given or revoked by each data subject, along with the corresponding proof of genuineness that protects you.
The consent register gives you an always up-to-date overview of the consent status of each individual. This is possible because Trust Guardian is modeled on your touchpoints to record what permissions each person gives, denies, or changes their mind about. Not only that! For each of these events and changes, Trust Guardian collects evidence and stores it for 10 years (or a period you define), so you can use it for your defense. These are called proof of authenticity, demonstrating that your company has always acted in compliance with GDPR.
Trust Guardian goes beyond managing consents by covering all 6 legal bases defined by GDPR for data processing. This includes, besides consent, the management of legitimate interest, (pre)contractual processing, and more, ensuring comprehensive and thorough compliance.
In most cases, a company collects data for marketing purposes, such as sending newsletters or profiling, and in this case, the legal basis is consent. However, for example, the Human Resources department collects data from employees or job applicants, and in this case, the legal basis is (pre)contractual obligation. Similarly, the commercial department collects contacts of potential clients, whose data can also be processed on a pre-contractual legal basis (or sometimes under legitimate interest). With Trust Guardian, you can manage all 6 legal bases defined by GDPR, accounting for data retention and expiration dates not only for consents but for all purposes.
Trust Guardian allows you to handle all revocations and objections, not just unsubscribing from newsletters, but considering all requests from data subjects regarding various personal data processing purposes (e.g., newsletters, profiling, third-party marketing, soft spam, etc.).
As a compliant consent managament platform, Trust Guardian precisely manages several purposes. For instance, it is not enough to simply exclude an email address from a newsletter; it is necessary to handle specific requests for rectification or erasure based on the individual consents given (e.g., newsletters, profiling) or in cases where the user exercises their right to object (such as with soft spam, when it is based on legitimate interest).
Trust Guardian provides advanced data retention management , accurately calculating data retention periods for each purpose and orchestrating consents and expirations among various company applications, keeping them always aligned.
Trust Guardian offers advanced data retention management, accurately calculating data retention periods and ensuring that data is kept only for the necessary and legally required duration. This helps maintain GDPR compliance and reduces risks associated with prolonged data storage. The platform also enables the orchestration of consents and privacy events across other company applications, keeping them all aligned and updated in real time with new consents, expirations, and revocations. This feature ensures that information remains consistent and accessible throughout the organization, minimizing the risk of misalignment within the tech stack.
Trust Guardian creates a dossier for every single person who provides personal data to the company, containing the complete privacy history – a detailed timeline of all privacy-related events of your customers – to help you respond quickly to any disputes or inspections.
Trust Guardian creates a dossier for each data subject that includes, in addition to the current Consent Register, their entire privacy history – a detailed timeline of all privacy-related events for each customer. This includes instances such as acknowledgments of privacy notices, every time they have given or revoked a consent, the start of data processing based on other legal bases (e.g., soft spam), and associated expiries. This timeline helps you meet the burden of proof in the event of disputes, audits, or inspections by the supervisory authority A supervisory authority is the public body responsible for monitoring the application of personal data protection regulations, ensuring compliance with the GDPR. In Italy, the supervisory authority is the Italian Data Protection Authority, which, among its activities, can also initiate inspections at companies to verify privacy compliance. Read more .
With the Federation feature, Trust Guardian consent management platform allows you to standardize and centralize privacy management among various companies in the group while keeping privacy information and history of each client separate for different legal entities, ensuring consistent and compliant management across the group.
Do you represent a group of companies composed of multiple organizations, where each one acts as an independent data controller? Or perhaps one of the companies in the group handles marketing for the others, also acting as an external data processor?
Great! Trust Guardian provides the Federation mode, which allows you to share and model privacy assets (such as purposes, privacy notices, documents, and data subjects keys) among various organizations within the same group or between external processors and their client companies.
Trust Guardian is designed to manage corporate groups, offering a single centralized point for privacy management while ensuring the segregation of data related to distinct legal entities. The Federation mode enables each legal entity within the group to maintain control and confidentiality over its data while benefiting from centralized and consistent privacy management at the group level. This approach ensures that privacy policies are applied uniformly, while the specific data of each entity remains segregated and protected in accordance with applicable regulations.
Trust Guardian includes myPrivacy feature, enabling you to manage requests related to data subjects rights in an orderly and compliant manner, offering both a self-service consent management area and a web form for handling data subject rights requests, feeding an internal register within Trust Guardian.
myPrivacy by Trust Guardian offers you two main features:
Trust Guardian provides a comprehensive set of APIs/WEBHOOKs for integration with any application, ensuring smooth and bidirectional data management between our consent management platform and company applications, for both data acquisition and sending of events and notifications.
Through API/REST, Trust Guardian receives data from all business areas and related software, such as CRM, marketing automation software, e-commerce platforms, and more. When a privacy event is detected, the Orchestrator processes it, verifies its legitimacy, and, if necessary, triggers the corresponding actions in company applications via webhook.
We provide comprehensive and detailed API/WEBHOOK documentation and consistently support to your system integrators in correctly integrating Trust Guardian, ensuring compliance with the company’s privacy asset modelling (purposes, notices, expiries, etc.).
Trust Guardian enables companies to avoid illegal data processing from the outset. Through the modelling of purposes and integration with company touchpoints, Trust Guardian consent manager ensures that every collection, processing, and storage of data complies fully with current regulations, significantly reducing the risk of data breaches and associated sanctions.
In the current regulatory context, being compliant is not enough; companies must also be able to prove it. Trust Guardian meets this need with advanced tools like the privacy black box, which securely records and stores all operations related to personal data privacy. This system provides complete and indisputable traceability, allowing companies to confidently address any inspections or disputes.
We aim to relieve you from the headaches of managing customer consents and privacy.
A Proof of Genuineness is based on the integration of Proofs of Authenticity and Legitimacy. It ensures that personal data is genuinely attributable to the data subject from whom it is claimed to originate and that its collection was carried out transparently and in compliance with privacy regulations, thereby protecting the company from complaints by data subjects and in case of inspections by the Data Protection Authority.
Read morePrivacy history is the complete timeline of all privacy-related events for each data subject, including consents, withdrawals, acknowledgments of privacy notices, and requests to exercise rights. With Trust Guardian, you can manage and store this history in a centralized and automated manner, ensuring compliance and protecting your company from disputes.
Read more
