Latest Posts

Storing consent in Dataverse

Posted on by Rishan Solutions

Loading

Under GDPR (General Data Protection Regulation), obtaining and managing user consent is a critical part of ensuring legal compliance. Consent must be obtained clearly, freely, and explicitly, and individuals must have the ability to withdraw their consent at any time.

When building applications in Power Pages or other Power Platform solutions, you can store user consent in Dataverse for better management and compliance. This approach allows you to track who has provided consent, when, and for what purpose.

Below is a guide on how to store consent information in Dataverse.

1. Define the Data Structure for Consent in Dataverse

Before storing consent, you need to define an appropriate data structure in Dataverse. Create a custom entity (table) called UserConsent to store the consent details. You may want to capture the following fields:

Fields in UserConsent Entity:

  • UserID: The identifier of the user (can be linked to the Contacts or Users entity).
  • ConsentGiven: A Boolean field to indicate whether consent has been granted (Yes/No).
  • ConsentDate: The date and time when consent was provided.
  • ConsentType: The type or category of consent (e.g., marketing, data sharing, etc.).
  • ConsentWithdrawn: A Boolean field to indicate whether the user has withdrawn consent.
  • WithdrawnDate: The date and time when consent was withdrawn (if applicable).
  • ConsentDetails: A text field to store any additional information or notes about the consent (e.g., purpose of consent).
  • ConsentVersion: A version number for consent policies to track which version of the consent terms were agreed to.

Example:

textCopyEditUserConsent
- UserID (Lookup to Contact)
- ConsentGiven (Boolean)
- ConsentDate (DateTime)
- ConsentType (Option Set: Marketing, Data Sharing, etc.)
- ConsentWithdrawn (Boolean)
- WithdrawnDate (DateTime)
- ConsentDetails (Text)
- ConsentVersion (Version Number)

2. Create the Consent Capture Form in Power Pages

In your Power Pages portal, create a form to capture user consent. This could be done through checkboxes or toggles where users explicitly provide consent for different types of data usage, like marketing communications, data sharing, or other processing activities.

Example Consent Form:

<form id="consentForm">
  <h2>Consent for Data Usage</h2>

  <label>
    <input type="checkbox" id="marketingConsent" name="marketingConsent">
    I agree to receive marketing communications from [Company Name].
  </label>

  <label>
    <input type="checkbox" id="dataSharingConsent" name="dataSharingConsent">
    I consent to share my data with third parties for service improvements.
  </label>

  <button type="submit">Submit Consent</button>
</form>

3. Capture Consent in Power Automate

Once the user submits the consent form, you can use Power Automate to process the form submission and store the consent information in Dataverse.

Steps to Create the Flow:

  1. Trigger: Use the “When a row is added, modified, or deleted” trigger from Power Automate, based on the submission of the form in Power Pages.
  2. Get User Information: Retrieve the user’s information, such as their contact details, from Dataverse.
  3. Create a New Consent Record: Create a new record in the UserConsent entity to store the consent information.
    • If the user has already provided consent, update the existing record.
  4. Store Consent Details: Store the ConsentGiven, ConsentDate, and other relevant fields, including which consents were given (e.g., marketing, data sharing).
  5. Send Confirmation Email: Optionally, you can send a confirmation email to the user after they submit their consent.

Example Power Automate Flow:

  1. Trigger: When a form is submitted in Power Pages.
  2. Get User Info: Retrieve the UserID of the person submitting the form.
  3. Create/Update Consent Record:
    • Create a new record in the UserConsent table or update an existing one.
    • Store the consent information such as ConsentGiven, ConsentDate, and ConsentType.
  4. Send Email: Notify the user that their consent has been successfully recorded.

4. Handling Consent Withdrawal

GDPR requires that users can withdraw their consent at any time. Therefore, you need to create a system for handling consent withdrawal. You can provide users with an option on your portal to withdraw their consent.

Example Withdrawal Form:

<form id="withdrawConsentForm">
  <h2>Withdraw Consent</h2>
  <label>
    <input type="checkbox" id="withdrawMarketingConsent" name="withdrawMarketingConsent">
    Withdraw my consent for marketing communications.
  </label>
  <label>
    <input type="checkbox" id="withdrawDataSharingConsent" name="withdrawDataSharingConsent">
    Withdraw my consent to share data with third parties.
  </label>

  <button type="submit">Submit Withdrawal</button>
</form>

When the user submits a withdrawal request:

  1. Power Automate Flow: Trigger a flow to update the existing consent record in Dataverse.
    • Set the ConsentWithdrawn field to True.
    • Store the WithdrawnDate.
  2. Notify the User: Send a confirmation email to the user that their consent has been withdrawn.

5. Tracking and Auditing Consent Data

For audit and compliance purposes, you should maintain a log of all consent records and their changes (e.g., when consent was granted or withdrawn).

You can create an Audit Log table in Dataverse to track changes related to user consent.

Example of Audit Log:

  • UserID (Lookup to Contact)
  • Action (Granted, Withdrawn)
  • ConsentType (Marketing, Data Sharing, etc.)
  • DateTime (Date and time of action)
  • Details (Additional details, e.g., version of consent)

6. Ensuring Legal Compliance

To remain compliant with GDPR:

  • Always ask for explicit consent for each distinct type of data processing.
  • Ensure that users can easily withdraw their consent.
  • Track and store consent data securely.
  • If you change your consent terms, create a new version in your ConsentVersion field and ask users to agree to the new terms.

7. Consent Reporting and Monitoring

You can also create custom reports or dashboards using Power BI or Power Pages to track consent data across your user base. These reports can help you monitor:

  • The total number of users who have granted or withdrawn consent.
  • The types of consent given (marketing, data sharing, etc.).
  • How many users need to be contacted for consent renewal.

Leave a Reply

Your email address will not be published. Required fields are marked *