Skip to main content

Purpose Management

The Purpose Management Module in Open Source SAHAJ enables organizations to create, manage, and audit consent purposes in a structured and compliant way.

This module provides:

  • Internal workflows for defining, reviewing, and approving consent purposes.
  • Automated and manual transaction support.
  • BRD-CMS compliant granular consent capabilities.
  • Access to a pre-built Consent Purpose Directory spanning multiple industries.

By managing purposes centrally, organizations can streamline notice building, consent collection, and auditing.

Problem Statement

Organizations often struggle to maintain a consistent list of consent purposes across products, departments, and geographies:

  • Fragmented Definitions: Different teams define overlapping or conflicting purposes.
  • No Approval Workflow: Purposes added without privacy/legal oversight.
  • Compliance Gaps: Hard to ensure each purpose is granular, specific, and linked to proper data elements.
  • Translation Challenges: Consent purposes must be translated for notices and user interfaces.

These gaps create risk of non-compliance with DPDPA principles like purpose limitation and informed consent.

How the Module Helps

FeatureBenefit
Central Purpose RepositoryStore all consent purposes in one place for consistency.
Granular Purpose DefinitionEnsure each purpose is specific, separate, and user-friendly.
Approval WorkflowsDepartments submit purposes for review and privacy/legal teams approve them.
Automated & Manual TransactionsImport or export purposes via APIs or add manually in the dashboard.
Consent Purpose DirectoryAccess a pre-built library of 30k+ consent purposes across 20+ industries with translations.
Linked Data ElementsConnect each purpose with relevant data elements to simplify notices and auditing.
BRD-CMS CompliantFully aligned with SAHAJ’s consent lifecycle and audit requirements.

Key Functionalities in Detail

1. Purpose Creation & Management

  • Departments can define their own consent purposes via dashboard or API.
  • Each purpose includes:
    • Purpose name.
    • Detailed description.
    • Linked data elements.
    • Retention and legal references.
    • Granularity and scope classification.

2. Automated & Manual Transactions

  • Automated: Import purposes from enterprise systems or purpose libraries using APIs.
  • Manual: Add or update purposes directly in the dashboard for small-scale operations.
  • Version Control: Track changes to purposes over time with audit-ready logs.

3. Review & Approval Workflow

  • Multi-Department Input: Different business units propose purposes.
  • Central Review: Privacy/legal teams review and approve or reject proposed purposes.
  • Approval Records: Immutable logs of approvals for compliance evidence.

4. Granular Consent & Validation

  • Assign specific, non-bundled purposes to consent collection workflows.
  • Link each consent purpose to:
    • Data elements.
    • Notices.
    • Processing scopes.
  • Validate consent against the exact purpose before processing.
  • Access a curated directory with 30,000+ consent purposes across 20+ industries.
  • Purposes come pre-translated into multiple Indian languages.
  • Each purpose is linked to common data elements for quick setup.
  • Search, filter, and import purposes to build your consent processes faster.

6. Auditing & Compliance Reporting

  • Track who created, modified, or approved purposes.
  • Generate reports for internal audits or regulatory requests.
  • Map purposes to consents collected to prove lawful processing.

Implementation Flow

  1. Set Up Repository:

    • Configure the Purpose Management Module.
    • Import pre-built purposes from the directory or create your own.

  2. Departmental Input:

    • Departments propose new consent purposes via dashboard or API.
    • Attach relevant data elements and retention policies.

  3. Review & Approval:

    • Privacy/legal/DPO reviews each proposed purpose.
    • Approve or reject with feedback.

  4. Operationalize Consent:

    • Use approved purposes to build notices and consent forms.
    • Ensure consent collection aligns with approved purposes.

  5. Audit & Report:

    • Track the entire lifecycle of each purpose — creation, approval, usage.
    • Generate audit-ready reports showing purpose-consent linkage.

Privacy & Compliance Features

  • Granular, Specific Purposes: No bundled or vague terms.
  • Data Element Linkage: Every purpose tied to specific data elements and consent forms.
  • Multi-Language Support: Purposes and notices available in Indian languages as per Eighth Schedule.
  • Immutable Logs: All purpose creation, changes, and approvals are audit-ready.
  • Role-Based Access: Different permissions for departments, approvers, and admins.

Best Practices for Using the Module

  • Start with the Directory: Use the pre-built library to speed up compliance.
  • Keep Purposes Granular: Avoid vague or bundled purposes; users must be able to consent individually.
  • Integrate with Consent Lifecycle: Link purposes directly to your consent collection workflows.
  • Review Regularly: Reassess consent purposes annually or when business practices change.
  • Train Teams: Ensure departments understand how to define compliant purposes.