Step 1: Setup Audit Database
1. Overview
The applicable laws such as TCPA and GDPR make it mandatory to obtain consent and keep records in a readily available audit database which can be used as evidence in case of a dispute. This database of consent records needs to be maintained for 4 years (as per GDPR) from the date of its creation.
With SMS-Magic you can choose how you obtain and maintain or record your consents. You can choose to get a blanket consent for sending any legally possible content or get a specific consent. For example, you can get blanket consent for sending any type of messages, service, transactional, or promotional; or you can get specific consent for sending transactional messages only.
This specific consent is recorded via Sender ID and Content Type. You can choose any of the following methods:
- Mobile Number Only – You opt-in to have a blanket yes or no consent for any recipient
- Mobile Number and Sender ID – You record consent for specific Sender ID’s.
- Mobile, Sender ID, and Content Type – You choose to do specific consent based on Content Type.
For channels other than SMS, Sender ID will be considered as a default parameter along with the selection you make above.
Example – If you have selected ‘Mobile Number’ as a parameter. For channel SMS, the System will record opt-in consents with the recipient’s mobile number as a parameter. But for the WhatsApp channel, the system will record the recipient’s consents with a combination of Mobile number and WhatsApp Sender ID.
In Consent Record Setting, select the relevant parameters to define consent records.
The compliance feature helps you create a consent database based on all these parameters. You can also enable users to create a consent record manually. However, users need to be provided with relevant permissions to create and update the consent database.
You can define consent record parameters in the following four possible combinations:
| Parameter | Description |
| Mobile Number | When you enable mobile number as a record parameter, all consents will be accepted only when responses are received through the default mobile number that the customer provides. This is a mandatory parameter and will have to be included in every combination. |
| Mobile Number and Sender ID | When you enable this parameter, consent records will be registered when responses are received from the registered mobile number and by the defined Sender ID of the customer. |
| Mobile Number, Content Type, and Sender ID | When you enable this parameter, consent records will be registered against responses received from the defined phone number of the customer, for a specified Content-Type sent to the customer, and by the Sender ID of the user. |
| Mobile Number and Content Type | When you enable this parameter, consent records will be registered against responses received from the defined phone number of the customer, for a specified Content-Type sent to the customer. |
For channels other than SMS, Sender ID will be considered as a default parameter along with the selection you make above.
Example – If you have selected ‘Mobile Number’ as a parameter. For channel SMS, the system will record opt-in consents with the recipient’s mobile number as a parameter. But for the WhatsApp channel, the system will record the recipient’s consents with a combination of Mobile number and WhatsApp sender ID.
2. Methods of Input
Consent is captured through text messaging, paper forms, emails, or web forms. All these varied methods of input can be categorized under three areas. These are as follows:
Mobile – You can print the mobile numbers on billboards, posters, or print ads in order to encourage customers to share their consent for receiving updates on your products and services. When customers send in their consent through these numbers, the input source is recorded as Mobile.
Online – All Web forms or partner sources sending in new lead information are considered as valid sources for collecting consent. However, it is recommended that you provide explicit instructions to customers to perform a specific action (such as while selecting a checkbox or clicking a Submit button) in order to submit their consent. Once submitted the database can record the input source as Online.
Offline – All physical forms such as contracts or other paper forms can also be used to collect consent requests. Even for physical forms, you need to mention the specific action the customer needs to perform in order to send their request. All requests collected through paper forms need to be added to the consent database.
You will get a comments field to input the details on the consent source while you add the consents manually. Similarly, if you have consent captured at record level field and wish to create a consent record, there should be a custom field at record level which will comprise details on how the record is being created. This is a recommended practice for maintaining the audit details.
The ‘Methods of Input’ section will appear only when you are configuring the compliance details for the first time.
3. Consent Record Expiry
The Consent Record Expiry section enables you to manage Consent Expiry for your compliance configuration so that you adhere to the messaging compliance of your country. You can configure a period after which all your recorded consents will get expired. This Consent Expiry period can be in Weeks and Months.
4. Keep Audit Report As Object
In the Keep Audit Report as Object, click View Sample Database. A popup window appears to display a sample database.
5. Manually capture or revoke consent
Enable the Allow users to manually Add/Edit Consent Records option if you want to allow agents to add consent records manually.
For non-admin users, in addition to enabling this feature, you have to provide users with the custom permission AllowToAddManualConsent to help them create and update consent record databases.
The Add Manual Consent Record button in the Consent Record will remain disabled if you do not enable the Allow users to manually Add/Edit Consent Records option. The Consent Record database will be created only after you complete the compliance settings.
Click on the ‘Next’ button to proceed