GDPR Compliant Consent Tracking for Health Applications

Why you need an audit trail and how Chino.io helps you implement it

Consent Tracking under the GDPR

Article 6 of the GDPR defines the legal bases for processing the personal data of European citizens. The most common basis for application developers is obtaining valid, informed consent from their end-users. Article 4(11) of the GDPR states that the consent of a data subject must be a freely given, specific, informed, granular and explicit indication of the data subject's agreement to the processing of his or her personal data.

In addition, Data Controllers must be able to prove that data subjects have given their consent lawfully. This means that developers (who either act as Data Controllers or build applications for Data Controllers) need to keep a record of all consents, updates and withdrawals, and be able to demonstrate their compliance if the supervisory authority requires it.

If Data Controllers are unable to demonstrate that the data subject has given consent to the processing, they can be fined up to 20M Euros, or up to 4% of the total worldwide annual turnover for the preceding financial year, whichever is higher (Art. 7).

To help developers with this task, Chino.io offers an extremely simple API that ensures compliance with all requirements and eliminates all risks in less than 5 minutes.

Check how the Chino.io Consent System works

With the Chino.io Consent API developers can:

✅ Create a consent via 1 API call;

✅ Update the consent;

✅ Delete the consent;

✅ Search by User-Id (which can also be an external User-Id, e.g. an e-mail address);

✅ Get the full history of operations on a user's consents;

✅ Get the legally valid audit log in case of legal issues.

The stored consent contains references to the Privacy Policy, the User-Id, the Data Controller info (useful when multiple Data Controllers use the same app), the purposes of data processing that the user has accepted, and the version of the policy.
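The operations listed above and the record fields just described, as an added Python example that is not Chino.io's code or API: every change is appended as a new hash-chained event, so the full history can be exported and checked for tampering, and an update of a withdrawn consent is refused. The function names, the consent-id scheme and the `terms` keys (policy_ref, policy_version, controller, purposes) are assumptions of this example, and the sample values in the test are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first event in the log

def digest(event):
    body = {k: v for k, v in event.items() if k != "hash"}  # canonical JSON, hash field excluded
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_event(log, action, consent_id, user_id, data):
    prev = log[-1]["hash"] if log else GENESIS  # nothing in `log` is ever edited in place
    event = {"seq": len(log), "action": action, "consent_id": consent_id, "user_id": user_id,
             "data": data, "prev_hash": prev, "timestamp": datetime.now(timezone.utc).isoformat()}
    event["hash"] = digest(event)
    log.append(event)

def create(log, user_id, terms):
    consent_id = f"consent-{len(log)}"  # hypothetical id scheme for the example
    append_event(log, "create", consent_id, user_id, dict(terms, purposes=sorted(terms["purposes"])))
    return consent_id

def update(log, consent_id, terms):
    state = current(log, consent_id)
    if state is None or state["status"] == "withdrawn":
        raise ValueError("only an active consent can be updated; obtain a new one instead")
    append_event(log, "update", consent_id, state["user_id"], dict(terms))

def withdraw(log, consent_id):
    append_event(log, "withdraw", consent_id, current(log, consent_id)["user_id"], {})

def history(log, consent_id):
    return [e for e in log if e["consent_id"] == consent_id]

def current(log, consent_id):
    state = None  # replay the events in order; a withdrawal is final
    for ev in history(log, consent_id):
        if ev["action"] == "withdraw":
            state["status"] = "withdrawn"
        else:  # create or update: merge the recorded terms into the state
            state = dict(state or {"user_id": ev["user_id"], "status": "active"}, **ev["data"])
    return state

def verify(log):
    prev = GENESIS  # recompute each digest and check every prev_hash link
    for ev in log:
        if ev["prev_hash"] != prev or digest(ev) != ev["hash"]:
            return False
        prev = ev["hash"]
    return True
```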
