User interaction and consent collector (CC)
This can be considered as an interface to interact with users and capture consent. It further provides facilities for enforcement of rights, such as data access, erasure and rectification.
Consent manager (CM)
The CM translates the obtained consent into various attributes such as consent validity, consent obligation and consent permission. These attributes can be stored and used for data processing. It enforces the correct behaviour of data handling systems according to the consent and terms of privacy requirements. The consent manager only keeps the up-to-dated consent, which is relevant for the current consent permissions for processing of data. Additional information such as who signed the consent, when the consent was given, and what information was exchanged while providing consent is stored by the reconciliation manager.
Data manager (DM)
The DM ensures adequate permissions for intended usage and processing of data exist, as specified by the consent, before any processing of data, including collection, starts. It is responsible for managing data according to the consent and provides protective control by ensuring only authorised processing of data.
Context handler (CH)
The CH generates a context for a new consent and informs data manager about it. Consent is given for a specific circumstance, e.g. filling online form while signing up for receiving marketing material, doing a transaction/placing an order or subscription to a newsletter. If the purpose of processing the collected data gets changed over time for any reason, e.g. when storage of data might shift to a different cloud storage provider, or he purpose of data collection or usage changes. The CH is responsible for managing context and for detecting those changes of context and informing the consent manager and data manager of these changes. The CM then identifies the change and updates the processing related information, which was created during consent collection. The DM then halts the current processing and checks the new updated permissions for further processing of data.
Reconciliation manager (RM)
The RM is responsible for maintaining and reconciling a processing log of all activities involving data and consent. It records how consent was obtained based on the mechanism used by the user interaction handler to interact with the user, the consent itself from the consent manager, and the activities using the consent. It also keeps a track of the data lifecycle as provisioned by the DM, including activities such as storage and sharing. A record of archived consent and data is also maintained by the RM in events of any context changes and consent revocation. It supports demonstration of the correct behaviour that has been undertaken for compliance reporting purposes.