Information management consent recording overview

All social housing providers and letting agents who collect and process personal data from their tenants have specific and unambiguous responsibilities under the General Data Protection Regulation (GDPR). Obtaining clear consent from a tenant is a significant part of the GDPR requirements, with housing organisations being obliged to communicate unequivocally why the data is being collected and how it will be utilised, such that each individual's decision around granting permission is fully informed and freely given. Careful consideration must therefore be exercised when determining what personal data will be collected from tenants and also the process by which they gain consent for it.

When capturing the consent feedback received from a contact, four key aspects of data are stored within the record entry: Information Data Tags, Consent Types, Consent Outcome and Consent Provider. Whilst multiple parameter values can be linked to the same consent request outcome, each unique combination of data element classifications are presented and managed as a discrete entry, with review frequencies being automatically calculated from the consent type definition.

• Information Data Tags - The customised data element groups for which consent has been sought e.g. Personal Details, Bank Details, Medical Details, Communication Details, etc.
• Consent Types - The overarching classifications for which consent has been sought e.g. Internal Processing, Contractor Services, Support Provision Agencies, etc.
• Consent Outcome - The custom parameter value reflecting the contact's considered response to the consent request, which in turn is mapped to a master outcome category i.e. Granted, Refused or Other.
• Consent Provider -  These complementary field attributes denote the source of the consent: either the specific contact or a nominated third party. It is a requirement to keep accurate records, demonstrating what the individual has consented to, including what they were told, and crucially when and how they consented. Where a tenant has instructed a friend or relative to act on their behalf, it is important to obtain evidence of that person's identity, as well as a signature to confirm delegated authority passing from the tenant.

Separate help articles have been created for each key aspect of information management consent recording, including:

• To record the outcome of an information management consent request
• To update the expiration of an information management consent outcome
• To apply the results of an information management consent outcome review
• To analyse the information management consent history for a contact