Consent Management.
The CIAM capability for collecting, recording, presenting, and revoking user consent for data processing — required by GDPR, CCPA, HIPAA, and most modern privacy regimes.
The recurring compliance failure is capturing consent at signup but having no way to prove later which version of the privacy notice the user agreed to. Consent management must record the notice version, timestamp, IP, and the specific permissions granted; that record is what defends against DPA inquiries. Retention typically matches the broader data-processing retention: indefinitely for active accounts and, for closed accounts, the limitation period for legal action.
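A sketch of such a record store follows. It is an added example, not code from this page or from any CIAM product. The `ConsentLedger` name, the field names and the hash chain used for tamper evidence are assumptions made for illustration.

```python
import hashlib, json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first event (assumed convention)

def digest(event):
    return hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    def __init__(self):
        self._events = []  # append-only: a revocation is a new event, never a delete

    def record(self, user_id, action, permissions, notice_version, ip, when):
        if action not in ("grant", "revoke") or when.tzinfo is None:
            raise ValueError("need action grant/revoke and a timezone-aware time")
        event = {
            "user_id": user_id, "action": action,
            "permissions": sorted(permissions),      # the specific permissions
            "notice_version": notice_version,        # privacy notice shown
            "timestamp": when.astimezone(timezone.utc).isoformat(),
            "ip": ip,
            "prev_hash": digest(self._events[-1]) if self._events else GENESIS,
        }
        self._events.append(event)
        return event

    def verify_chain(self):
        """False if a stored event no longer matches its successor's prev_hash."""
        prev = GENESIS
        for event in self._events:
            if event["prev_hash"] != prev:
                return False
            prev = digest(event)
        return True

    def state_at(self, user_id, when):
        """Replay events (assumed appended in time order) up to `when` and map
        each permission then in force to the notice version it was granted under."""
        active = {}
        for event in self._events:
            too_late = datetime.fromisoformat(event["timestamp"]) > when
            if event["user_id"] != user_id or too_late:
                continue
            for perm in event["permissions"]:
                if event["action"] == "grant":
                    active[perm] = event["notice_version"]
                else:
                    active.pop(perm, None)
        return active
```

The chain only exposes edits to events that have a successor, so the digest of the newest event would also need to be stored somewhere the ledger's writers cannot change.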
Common questions
What's the difference between consent management and a cookie banner?
Does GDPR require a specific consent management approach?
How long should I retain consent records?
In the guides
CCPA and CIAM: California Privacy Compliance for Consumer Apps
How CCPA / CPRA intersects with CIAM, opt-out, sale-of-data, consumer rights, and the architectural choices that satisfy California compliance.
Consent Management Platforms (CMPs) and CIAM: Where the Lines Fall
How CMPs (OneTrust, TrustArc, Cookiebot) compose with CIAM. The architectural seam, when each handles what, and the integration patterns that work.
GDPR and CIAM: A Practical Compliance Guide
How CIAM platforms intersect with GDPR, lawful basis, consent, data minimization, subject rights, and the architectural choices that make compliance maintainable.