Each time you collect data on a person, you need to add a Data Privacy permission to record how, where, and for what reason you are storing their personal data.

Over time, the organization may collect data on the same person multiple times. Each time, a Privacy Permission should be added which will give the rights for storing and processing the data held. These rights are cumulative, e.g. if you have seen this person at three different conferences, there will be three Privacy Permission records, of which two might be active and one expired. This still allows the data to be held and processed.

When a contact or lead is first created, there are no Privacy Permission records. But there should be at least one, to allow you to process their data.

Go to the contact or lead record and add a new Privacy Permission.

To add a Privacy Permission, select the New button on the panel.

This takes the user through three steps:

1. Select the Privacy Source type.

2. Select the Privacy Source for this type.

In this case, there is only one type of Privacy Source based on the "In Person" source type.

3. Select the date and add a description (e.g. evidence). 

By default, the date is set today. Enter the details of how the data was collected.  

If the Privacy Source has "Explicit-Opt-in" set, then the checkbox with "Agree to Privacy Notice" is displayed along with the Privacy Notice. If the user does NOT check "Agree to Privacy Notice" then Privacy Permission will be created, but the Opt-ins for the Allowed Communication Rules associated with the Privacy Source WILL NOT be created.

The new Privacy Permission will be shown in the Privacy Permissions panel. The expiry date will be automatically calculated from the communications default which is on the Privacy Source.

Go to Privacy Permissions tab. Hit NEW.

You only need to add four pieces of data:

Hit Save.  
Everything else is calculated or added for you.

When a Privacy Permission is added to a lead or contact, a number of Privacy Optins are added to the Privacy Permission.  An Optin will be created for each linked Communication Rule for the Privacy Source. These are shown in the Allowed Communications panel. If the Privacy Source is Custom Type, the user will select which Communication Rule to add.

A lead or contact may request to be unsubscribed from a Communication Rule. Go to the Allowed Communications panel, then from the dropdown menu select "Unsubscribe".

This has the effect of setting every Privacy Optin that the user has for this Communication Rule to unsubscribed; in the image above "Product Updates - Email". The other Communication Rules are not unsubscribed;  in the image above "Product Updates - SMS".

When a Privacy Permission reaches its expiry date, any Allowed Communications that were created because of this Privacy Permission will expire. The Allowed Communication will not expire if another Privacy Permission is in place to keep that Allowed Communication valid. 

If all of the Permissions have been expired or withdrawn then the Privacy Alert will show in red.

A Permission can be extended or withdrawn.

The retention or communications expiry can be changed. An example is when someone is personally engaged with you even through their permission is about to expire.

A permission cannot be deleted, but it can be withdrawn if it was created in error or incorrectly. If a person no longer wants to be marketed to, they should unsubscribe.

This will result in the Permission being withdrawn and all Optins expiring.