Capabilities / Domain
Privacy, Consent & Compliance
CIAM sits on the most regulated data a company holds: who its customers are. This domain captures, stores, audits, and honors consent, and proves compliance with GDPR, CCPA, and sector rules. For regulated industries it is often the reason CIAM is bought at all.
Core capabilities
- Consent capture
- Collect explicit consumer consent at the right moments. Capture · Manage
- Consent granularity
- Fine-grained, per-purpose consent rather than blanket terms. Manage
- Consent dashboard & withdrawal
- Consumer reviews and withdraws consent, propagated across systems. Manage
- Consent audit trail
- Long-lived, queryable, evidentiary record of every consent event. Admin
- Data subject rights (DSAR)
- Support GDPR and CCPA rights to access, delete, and port data. Admin
- Regulatory coverage
- Built-in workflows for GDPR, CCPA, HIPAA, and other regimes. Admin
- Right to be forgotten
- Delete consumer data on request, including downstream propagation. Manage · Admin
What to ask a CIAM vendor
- Is consent captured per purpose and in context, or as a single blanket checkbox?
- Can a customer withdraw consent and have it propagate across downstream systems in real time?
- Is there a tamper-evident, regulator-ready audit trail of every consent event?
See how platforms compare on these capabilities in the vendor directory, or browse the full capabilities taxonomy.