Gigya is now SAP Customer Data Cloud. Learn more
Forrester logo Download the report

Audit-ready Consent: Protect Your Business

Capture and record consent and preference data in a secure, audit-ready vault and access a complete history of each customer’s preferences and consent settings for audit purposes.

Don’t Be Caught Off Guard

The GDPR stipulates that when regulators ask for proof from a business that their customers have granted explicit consent to have their personal data processed, that proof must exist. Excuses like “Our records only go back so far”, or “I have to sift through dozens of systems to collect a complete history of consent” will simply not fly. Businesses will need to have full visibility and access to every customer’s entire history of consent with the business, from first touch to last.

Prove Yourself Capable

As customers interact with a business, Gigya Enterprise Preference Manager captures, records and stores their preference and consent records in a centralized, secure and audit-ready vault. When audit requests occur, businesses can easily access a complete history of consent records — each with time and date of consent recorded — for every customer across devices and channels.

Get ready for GDPR

Do you hear that ticking sound? We sure do. The EU’s General Data Protection Regulation (GDPR) will be enforced on May 25, 2018, and penalties for non-compliance are harsh. Do you have a plan? If not, download our CIAM GDPR Readiness Toolkit to start planning now.

Audit-ready Consent: Product Features


An Audit-ready Vault for Customer Data, Preferences and Consent

The EU GDPR doesn’t suggest that businesses operate with transparency in regards to processing consumers’ personal data, it requires it. That’s why, at the center of Gigya Enterprise Preference Manager, is a secure, audit-ready vault. Within this advanced repository, businesses can confidently capture numerous versions of terms, policies, customer preferences and consent settings. Precision record keeping functionality, including time-stamped transactions for tracking all recorded versions across the business, helps ensure that customer data remains accurate and securely accessible throughout each customer’s lifecycle.

With Gigya Enterprise Preference Manager, businesses can mitigate regulatory scrutiny while building trust with and gaining a more complete understanding of their customers.


A Single Source of Truth for Audits

To address the GDPR requirement for providing proof of customer consent when requested, administrative, legal and privacy stakeholders must know how, when and why consent was granted for every customer and every transaction. Because Gigya maintains an audit-ready vault for storing customer preference and consent data, businesses can rest assured that they always have ready access to a complete and accurate history of customer permissions should auditors come knocking.

Gigya Enterprise Preference Manager helps alleviate the burden of proof by providing an accurate and complete audit trail of preference and consent settings, helping to protect the business while saving administrative resources.


Security is Job One

Gigya maintains advanced information security systems and practices to safeguard all customer information. Gigya is ISO 27001-certified and has completed a successful SOC2 Type 2 audit. Our five SSAE-16-certified regional data centers ensure compliance with data localization laws. PII, access tokens, and all other sensitive data is encrypted with the industry-standard AES256 algorithm prior to storage, and data transfers are encrypted using Transport Layer Security (TLS). A multi-layer data loss protection architecture is employed to ensure continuous operation and zero data loss in case of hardware failure.

In addition, highly regimented internal access control and authorization mechanisms are enforced at all information system levels according to the “least privilege” principle. Gigya also conducts regular third-party vulnerability scans and penetration tests and maintains a bug bounty program to search for weaknesses, and uses the OWASP framework for risk analysis and mitigation across our application development lifecycle.

To learn more about Gigya’s InfoSec systems and practices, visit our Trust pages or download our white paper.

Gigya has updated its Privacy Policy as Gigya, Inc. has been acquired by SAP America, Inc. and Gigya has updated the information regarding how we collect and use your Personal Data. You can see the updated Privacy Policy here.