Srijan | Case Study

Building a Consent Management Platform for Compliance and Protection of PII Data

Written by Suhita Ghatak | Apr 14, 2021 6:23:00 AM

With data privacy laws being ubiquitous across nations, having a consent management platform becomes indispensable for organizations that hold and share private user data. The laws aim to strengthen the privacy of Personally Identifiable Information (PII) and give the user the power to manage its shareability.

Requirements

Our client needed an API Platform to comply with the following:

  • Allow the subscribers to decide on their willingness to give consent to share or deny access to their PII data.
  • Let the subscribers revoke their prior consent at any point of time.
  • Ensure that no subscriber data is shared with a developer or partner without explicit consent from the subscriber.
  • Allow partners to manage the consents where there are legal provisions to do so
  • Ensure that the consent management platform is highly scalable and can handle a high traffic volume

Challenge

The existing legacy consent management platform had limited abilities, it:

  • Could not cater to the bespoke needs of the business
  • Was also not able to handle the current and projected traffic needs

Solution

Srijan helped the client categorize the needs of the platform into 4 major buckets: 

  1. Every time Consent - Involves fresh consent submission for every transaction by subscribers. Example: using the subscriber’s subscription balance to pay for apps and services.
  2. Expiring Consent - Consent expiring after a stipulated amount of time. Example: sharing the customer’s location or balance 
  3. Non-Expiring Consent - Never expiring consent. Example: Apps access to frequently used data
  4. Bypass Consent - Subscriber consent is managed by trusted partners entirely. Example: Providing access to Law Enforcement agencies and other Fintech partners.

Overall Approach

  • The microservice platform was built using nodeJS, which was then containerized and deployed on AWS for scalability. 
  • Implemented Apigee Gateway to ensure scalability, extensibility, and customization of APIs.
    Enabled the subscribers to manage their data through the consent management portal to ensure data transparency.

Here is an overview diagram of our approach:

Tech Stack

Node JS, Apigee, Kubernetes, AWS

Business benefit

  • Ensures Data Sharing Transparency for its users, a much-needed aspect of business
  • Improved API responsiveness with higher throughput
  • Ensures legal compliance and minimizes legal risks 
  • Boosts brand trust and value among customers
  • Caters to varied subscriber management requirements
  • Enhances user experience with a subscriber portal