An integrated system
for Consent Management

A single key fob and many unique digital keys
for easy access to the privacy history of each individual

PrivacyOS is a Consent Manager that centralises the management of consents in a single master and at the same time gives you back control over strategic Privacy data, offering independent access to consultation by all GDPR actors in the company: ITC, DPO and legal area, marketing. A tool that speaks all languages and dialogues with all applications. While the first generation of Consent Managers simply recorded consents as if they were lines in Excel, the challenge of innovation launched by PrivacyOS goes further and looks at all stages of the Consent Management process.

Consent life cycle:
yes is not forever

The personal data that Data Subjects have entrusted to the company are valuable, but they are neither eternal nor immutable. Do you know every step of their life cycle? The most important stage is collection: information that is not acquired at this stage and that could have protected you in the future by proving the genuineness of the data collected can never be obtained again. Storage is always bound to a retention period after which the personal data must be anonymised or deleted: before this deadline you can ask the person concerned to renew their consent, after which it would be too late. The use of the data is always linked to the Purposes for which the data was collected and therefore to the Consents or Permissions obtained. All Consents can be rectified (your client can change his mind) and only some Permissions can be opposed, depending on the Legal Basis and the Purpose as well as, for the Legitimate Interest, on the balance between the interests of the Data Controller and the Rights and Freedoms of the Data Subject.

These are important issues for the protection of the company and are often underestimated. In addition to the Data Retention Period, Rectifications and Oppositions, there are two other circumstances in which processing must be interrupted: when the Purpose is reached before its expiry or when the Controller considers it unattainable. These seem improbable situations, but it is what happens, for example, when a prospect becomes a customer (pre-contractual purpose completed and activation of a new purpose on a contractual basis) or when a candidate is rejected (pre-contractual purpose no longer attainable, possibly activation of a new purpose on the basis of legitimate interest).

How PrivacyOS works

Light – cloud-based software – with an advanced and innovative technological architecture: PrivacyOS is a consent hub that receives, records and orchestrates information from all company applications, with which it easily integrates via an API/REST interface. Nothing escapes its radar, nothing is left to chance. A tool – the only one on the market – that brings together different functions and that marks an important new step in the technological evolution of Consent Management.



from promises to Privacy by Design

The promises of the Register of Processing and Privacy Notices are digitally captured and inventoried to model the rules engine: PrivacyOS automatically organises Consents management on the basis of the rules written on “paper governance”, creating a solid bridge between words and data, between the promises and the facts of Privacy by Design.


communicates in real time with all applications
and writes the consents score

Are you afraid of getting lost in the galaxy of GDPR events and consents and committing offences? Keep calm: PrivacyOS writes the consent management score for you. It alerts you (and all company applications) when a consent or permission is about to expire and automatically resolves misalignments (e.g. the same consent enabled on one platform and disabled on another). It does this by communicating in real time with all the company’s applications, from CRM to websites, from apps to ERP…


dialoga in real time con tutti gli applicativi
e scrive la partitura dei consensi

Temi di perderti nella galassia degli eventi e dei consensi del GDPR e di commettere degli illeciti? Keep calm: la partitura della gestione dei consensi la scrive per te PrivacyOS. Ti avvisa con un alert (e avvisa tutti gli applicativi aziendali) quando un consenso o un permesso sta per scadere, risolve automaticamente i disallineamenti (ad esempio uno stesso consenso abilitato su una piattaforma e disabilitato su un’altra). Lo fa colloquiando in tempo reale con tutti gli applicativi aziendali, dal CRM ai siti, dalle App all’ERP…


the Master of personal data access keys

PrivacyOS hunts for the data access keys (consents and permissions) in every drawer, records them in a centralised key fob and places them in a safe: it does this in a timely and reliable manner, associating to each Consent the Proof of Genuineness and historicizing each event.


from three weeks to three minutes
with the Event Log

In case of complaint, dispute, inspection, PrivacyOS is the best ally of DPO and ICT. In real time and automatically, the Privacy Event Log – one of the most significant innovations introduced by PrivacyOS – certifies your actions and accountability. In just a few minutes you can organise an output that would take weeks of research, manually scanning your archives for forgotten keys (perhaps from some external supplier).


da tre settimane a tre minuti
con il Registro degli Eventi

In caso di denuncia, contestazione, ispezione, PrivacyOS è il miglior alleato di DPO e ICT. In tempo reale e in modo automatico, il Registro degli Eventi della Privacy – una delle innovazioni più significative introdotte da PrivacyOS – certifica il tuo operato e la tua accountability. In pochissimi minuti organizzi un output che richiederebbe settimane di ricerca, scandagliando manualmente i tuoi archivi a caccia delle chiavi dimenticate (magari da qualche fornitore esterno).

Practical Cases

See in how many different ways PrivacyOS is valuable

Why keep the criticality of Consent management in-house
when it is better to outsource it to PrivacyOS?