8.2.2 Security & Compliance — Compliance & Governance — Consent Management — Tracking and Withdrawal

Consent Management provides mechanisms to record, enforce, and audit user consent for data processing activities. It ensures that consent is explicit, traceable, and revocable in alignment with data protection regulations.

Consent Model

Consent is represented as a structured record linked to a subject, purpose, and scope.

Consent attributes:

Subject identifier

Processing purpose

Scope and categories

Grant timestamp

Status

Consent records are immutable except for status changes.

Granting Consent

Consent is collected through explicit user actions. Pre-checked or implicit consent is not supported.

Grant rules:

Clear affirmative action required

Purpose-specific consent

Versioned consent text

Example consent record:

Consent::grant([
    'subject_id' => $user->id,
    'purpose'    => 'analytics',
    'version'    => 'v1.0',
]);

Enforcement

Processing activities check consent status at execution time. Actions without valid consent are blocked deterministically.

Enforcement guarantees:

No silent fallback

Explicit denial on missing consent

Logged enforcement decisions

Withdrawal of Consent

Consent can be withdrawn at any time. Withdrawal takes effect immediately for future processing.

Withdrawal behavior:

Immediate status change

No retroactive data mutation unless required

Logged withdrawal event

Example withdrawal:

Consent::withdraw($user->id, 'analytics');
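
The enforcement and withdrawal behavior described above, as an added PHP example that is not the platform's own code. The ConsentLedger class, its method names, the event names, and the subject u-1001 are hypothetical, and an in-memory array stands in for the real consent store.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory ledger for illustration; not the platform's Consent class.
final class ConsentLedger
{
    private array $records = [];  // [subject][purpose] => consent record
    public array $auditLog = [];  // append-only trail of consent events and enforcement decisions

    public function grant(string $subject, string $purpose, string $version): void
    {
        $this->records[$subject][$purpose] = [
            'version' => $version, 'granted_at' => time(), 'status' => 'granted',
        ];
        $this->log('consent.granted', $subject, $purpose, $version);
    }

    public function withdraw(string $subject, string $purpose): void
    {
        if (isset($this->records[$subject][$purpose])) {
            // Only the status field changes; version and grant timestamp stay as recorded.
            $this->records[$subject][$purpose]['status'] = 'withdrawn';
            $this->log('consent.withdrawn', $subject, $purpose);
        }
    }

    // Fail closed: anything other than an explicit 'granted' status is a denial.
    public function allows(string $subject, string $purpose): bool
    {
        $status = $this->records[$subject][$purpose]['status'] ?? 'missing';
        $allowed = ($status === 'granted');
        $this->log($allowed ? 'enforce.allow' : 'enforce.deny', $subject, $purpose, $status);
        return $allowed;
    }

    private function log(string $event, string $subject, string $purpose, string $detail = ''): void
    {
        $this->auditLog[] = ['at' => time(), 'event' => $event,
            'subject' => $subject, 'purpose' => $purpose, 'detail' => $detail];
    }
}

// Constructed sample data: one subject, two purposes.
$ledger = new ConsentLedger();
$ledger->grant('u-1001', 'analytics', 'v1.0');
var_dump($ledger->allows('u-1001', 'analytics'));  // case: consent granted for this purpose
var_dump($ledger->allows('u-1001', 'marketing'));  // case: no record, consent is purpose-specific
$ledger->withdraw('u-1001', 'analytics');
var_dump($ledger->allows('u-1001', 'analytics'));  // case: checked again after withdrawal
foreach ($ledger->auditLog as $entry) { echo json_encode($entry), PHP_EOL; }
```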

Audit and Traceability

All consent actions are recorded for audit purposes.

Tracked events:

Consent granted

Consent updated

Consent withdrawn

Audit records include timestamps and actor context.

Transparency and Access

Users and administrators can view current consent status and history.

Visibility includes:

Active consents

Withdrawn consents

Consent text versions

Integration with Data Processing

Consent status integrates with analytics, marketing, and personalization features. Processing pipelines respect consent boundaries automatically.

Security and Isolation

Consent records are tenant-scoped and access-controlled. No tenant can access consent data outside its scope. Records are protected by encryption and audit logging.