Consent Management

The Consent page at /mdm/consent tracks customer consent flags and data-usage permissions across MDM golden records. It's where GDPR / CCPA / HIPAA-style consent obligations are recorded and enforced.

Each customer (or other consenting entity) has consent flags across multiple dimensions:

  Dimension   Examples
  Marketing   email_marketing, sms_marketing, push_notifications
  Analytics   behavioral_tracking, anonymous_analytics
  Sharing     share_with_partners, share_with_affiliates
  Profiling   automated_decision_making, personalised_offers
  Retention   retain_after_relationship_end

Each flag has a value (granted, denied, unknown), a source (where the consent came from), a timestamp, and an expiry.

The source records where the consent was captured:

  • Web form — at signup, with versioned T&Cs
  • Phone call — captured by agent
  • Letter / email — written confirmation of an opt-out
  • Implicit — derived from regulation (e.g. existing-customer marketing exemption)
  • Imported — from legacy CRM during onboarding

The provenance is critical for audit defence.

Page sections

  • Customer consent record — drill in by entity ID; see all flags, history, sources
  • Consent inventory — bulk view by flag (e.g. "all customers with email_marketing = granted")
  • Recent changes — last 30 days of consent updates
  • Expiring soon — consents within 30 days of expiry

A consent change is recorded by posting the new flag value to the entity's consent record:

  POST /mdm/consent/{entity_id}
  {
    "flag": "email_marketing",
    "value": "denied",
    "source": "web_form",
    "source_ref": "form_submission_2026_04_30_18a",
    "occurred_at": "2026-04-30T14:22:00Z",
    "actor": "customer"
  }

The page records the prior value and links the change in the audit log.

Enforcement

Consent flags are referenced by:

  • Marketing automation (only sends to email_marketing = granted)
  • Analytics pipelines (apply behavioral_tracking filter)
  • Data sharing (Delta Sharing skips records denying share_with_partners)
  • RTBF (right to be forgotten) — a denied retain_after_relationship_end flag triggers the erasure flow

The consent service is the single source of truth — every downstream system queries it rather than caching consent locally.

Audit

Every consent change is logged with:

  • Before / after values
  • Source + source_ref
  • Actor (customer / employee / system)
  • Timestamp

Audit-log retention is regulatory-driven (e.g. GDPR audit-trail retention periods); configure it in clxs.yaml.
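A small in-memory model of the behaviour described in the change-recording, enforcement and audit sections above: applying a POST body, keeping the prior value in the audit trail, and answering the enforcement question so that only an explicit, unexpired grant allows an action. This is an added illustration, not the product's own code; the source identifiers, the default 730-day expiry and the fail-closed handling of `unknown` are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

VALUES = {"granted", "denied", "unknown"}
ACTORS = {"customer", "employee", "system"}
SOURCES = {"web_form", "phone_call", "letter_email", "implicit", "imported"}  # assumed identifiers

def parse_ts(iso: str) -> datetime:
    """Parse an RFC 3339 timestamp such as 2026-04-30T14:22:00Z."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

@dataclass
class ConsentFlag:
    value: str
    source: str
    source_ref: str
    occurred_at: datetime
    expires_at: Optional[datetime]  # None: the consent never lapses

class ConsentService:
    """Single source of truth: downstream systems query it and never cache the answer."""

    def __init__(self) -> None:
        self.records: dict[str, dict[str, ConsentFlag]] = {}
        self.audit: list[dict] = []  # append-only audit trail

    def record(self, entity_id: str, change: dict, ttl_days: Optional[int] = 730) -> Optional[str]:
        """Apply one POST body, log before/after values, and return the prior value."""
        if (change["value"] not in VALUES or change["source"] not in SOURCES
                or change["actor"] not in ACTORS):
            raise ValueError("rejected: unknown consent value, source or actor")
        occurred = parse_ts(change["occurred_at"])
        expires = occurred + timedelta(days=ttl_days) if ttl_days else None  # assumed TTL rule
        flags = self.records.setdefault(entity_id, {})
        prior = flags.get(change["flag"])
        flags[change["flag"]] = ConsentFlag(change["value"], change["source"],
                                            change["source_ref"], occurred, expires)
        self.audit.append({"entity_id": entity_id, "flag": change["flag"],
                           "before": prior.value if prior else None, "after": change["value"],
                           "source": change["source"], "source_ref": change["source_ref"],
                           "actor": change["actor"], "timestamp": occurred})
        return prior.value if prior else None

    def is_granted(self, entity_id: str, flag: str, now: datetime) -> bool:
        """Enforcement check: only an explicit, unexpired 'granted' permits the action."""
        f = self.records.get(entity_id, {}).get(flag)
        if f is None or f.value != "granted":
            return False  # 'unknown' and 'denied' both block: fail closed
        return f.expires_at is None or now < f.expires_at
```

Downstream callers such as marketing automation should call `is_granted` at send time rather than copying the flag into their own tables, which is the single-source-of-truth rule stated above.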

API

  GET  /mdm/consent/{entity_id}
  GET  /mdm/consent/inventory?flag=email_marketing&value=granted
  POST /mdm/consent/{entity_id}
  GET  /mdm/consent/{entity_id}/history