Welcome to this session of tools, choice on privacy and consent management solutions. In this session, we will be talking about the core functionalities of privacy and consent management solutions. We will be discussing the most common use cases that we see privacy and consent management solutions meeting. Then we'll talk about the combination of functionality with use case in the form of a matrix, which is a tool to help prioritize, which recommended criteria to look for in its in a solution. And then we will look over the core functionalities, particularly the top 20 major functionalities that a privacy and consent management solution should include. So privacy and consent management is an umbrella term. It encompasses a lot of concepts and also a lot of goals that an inter enterprise should be working towards depending on how it is oriented in what industry it's in, how it relates with end users.
So the first use case that comes up is cookie management. And this is a very generally applicable use case. Most enterprises do have an online presence and most have end users, which may come from the EU and who are under the protection of the GDPR. And so cookie management looks at how to prevent unwanted cookies from firing until the appropriate consent has been collected. It may do this in different ways, such as scanning and providing reports of all the cookies present or by a white listing strategy where only certain pre-approved cookies or trackers are allowed to be deployed on the site and managing how consent signals are sent to downstream partners like digital advertisers.
Information and the decisions which are collected must be correctly communicated and implemented to your internal departments and also external parties. The next use case covers a combination of user self-service and control with compliant aspects, such as D SARS or data subject access requests here, users must have the ability to control and to exercise their data rights. And this is based on jurisdiction in order to make this possible for the enterprise. There must be workflows for the enterprise to use, to manage these processes. And finally, we have a purely auditing and compliance related use case where the audit trails of consent collection activities should be recorded along with documentation of compliance efforts over time, and the ability to complete regular D P IAS or data protection impact assessments.
So as you can see, these use cases cover a wide variety of goals, all funding under the concept of privacy, but achieving very different things. And it requires very different technology and capabilities from a tool. Now, the tools and the solutions that we will look at eventually could either be very wide and broad ranging in their capabilities or very fo focused point solutions. In this session, we will take a look at the primary capabilities that we find in most solutions covering these use cases. Now we could just look at a laundry list of core functionalities, but this is overwhelming. It doesn't meaningfully organize our time when trying to make a decision of what tool or solution would best meet the needs of our organization. So what we find is much more useful is to use a matrix or a rating system in order to organize the main functionalities that we see in solutions with the different primary use cases.
One example of these tools is what you see in front of you. This matrix here, where along the top, you see the five use cases that we just discussed. And along the left side, you see a few of the core functionalities that we will talk about today. And this is a shortened example of what you could imagine, a full matrix being with 20 or even more core functionalities being considered. The prioritization is assigned visually here. So you can see a full circle, indicates a high importance of a functionality impacting the use case and helping it to achieve its main goal. A half circle indicates medium importance, and the quarter filled circle indicates low importance. So let's go an example case let's look at just cookie management as a use case. The first core functionality that we have listed here is to prevent cookies from firing before appropriate consent has been collected.
This has of course high importance to helping a cookie management solution achieve its goal. Next, we have standardized insect signals and we think of a cookie management scenario, end users must provide their consent before a cookie is collecting any information. Well, that's all good and fine if it, if it is collected, but it has to be communicated in an appropriate way. This is best done with standards so that not only the first party organization can receive and act on those signals, but downstream organizations such as digital advertisers must also have to receive those signals and be able to understand and act on them. Next, a audit trail is also of high importance as that content is collected, it must be recorded. Next on the list is compliance progress and some solutions use visual dashboards reports and other methods to help an organization understand their journey towards compliance.
I've grouped them as I've done here into use cases, of course, a functionality could be applicable to more than one use case. So please don't limit yourself by the way I've defined them. But I hope you find it useful that these functionalities are presented in a somewhat logical order. So the first use case we'll look at is again, cookie management. So the first capability you've already seen, it was in our example, before it is to prevent cookies from firing before you've collected the appropriate consent, next is a cookie consent form. And so if personal end user information is collected via cookies, the consent must be obtained for the reason of processing. So a strong cookie management solution should provide a cookie consent form and it can do this in multiple ways. That leads us to our next capability, which is a cookie tracker and scan, or from a white list approach.
So having workflows that specifically relate to data, subject access requests is very, very useful to an organization to help automate this. Yeah, sometimes complicated process. Next you have, I consent voluntary update, which is really the user control part of this, where a user should have easy access to their historical consent decisions in order to view it and to voluntary, voluntarily updated. If they so desire. This also can be done with preferences, which is really the alignment between marketing and achieving these privacy and consent requirements. The next section considers auditing and compliance, and here the critical capabilities include consent audit trails support for DPIs or data protection, impact assessments and solutions could either support these processes or offer full D P I a management. It's also a useful capability here to offer compliance progress. So a dashboard of visualization insights on the progress towards compliance and inform organizations of the critical gaps that they have on their compliance journey.
Other supportive functionalities here include data inventories and data mapping where solutions can help organizations gain awareness about what private information is held and processed, where in the organization, it resides and also provide visual representations of the data that must be controlled. Now, as you recall, these functionalities do not fit exclusively to the use cases that I've presented you here. They often overlap with each other and as we find ourselves here, there are some important features that really can fit to all and support all use cases, include data, risk management, such as supporting processes for mandatory breach reporting. This includes seam integration, where it's beneficial to track and trace any data breach. Should it occur via a privacy and consent management solution? Machine learning tools can compliment many of the goals of privacy and consent management solutions when they work with high volumes of data and can assist in automating certain tasks.
And of course, access management where privacy and consent management solutions should have the ability to support multiple identity types, protocols, and tokens, and take care of the security aspects here. So there are a few takeaways here for you. And the main idea is that consent compliments, but is secondary to privacy. And we see privacy is still being defined mostly as a social construct, but technologically, this has to remain aligned with what is being viewed in the general public and socially privacy is something that we should have, but that it is possible to give away, hence the consent part of this equation, but consent is not privacy consent protects the freedom to give away your privacy. And so in this hierarchy, privacy must be higher than consent. And when privacy, especially privacy by design, when this governs the type of data that is being collected, its usage, its storage consent can then allow the end user the freedom to have personalized services while their data is being treated with respect. Thank you for your participation today in this tools choice session. And I look forward to speaking with you again,