Audit Logging

DataGrail Consent allows your privacy administrator to download past records of Consent preferences made by each unique device as a .csv file.

The audit log suffices the "burden of proof" requirement as specified by the GDPR:

Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.

Other agencies and policy frameworks may also require similar proof of Consent, in case there is a need for confirmation as a result of an audit or request from the data subject.

How to Access The Audit Log

The audit log is available via the eponymous tab located within DataGrail Consent

After selecting to download the .csv file, DataGrail Consent will fetch the last 10,000 records by unique identifier and begin the download once that process is complete.

Each row is delineated by the DG UUID, or the unique identifier DataGrail creates when a unique device visits your app. This means that the same person may have multiple UUIDs, depending on the browser and device.

If you are asked to provide proof of consent, we recommend asking the data subject to retrieve their UUID from their device by finding the datagrail_consent_id stored as a cookie on their device.

Data Subjects can provide their UUID by inspecting your website and finding the datagrail_consent_id cookie within the application tab. The UUID is the second part of the overall value stored.

Column Overview

Below is the list of columns in the spreadsheet, description, and example value.

Column Name	Description	Example
DG UUID	The unique identifier of a data subject's device.	3f3524a1-27bc-4b1f-9baa-76591e67c876
Timestamp	The exact time (UTC) the consent preference captured by the data subject.	2024-04-29T22:41:02.848745Z
Consent Behavior	The default behavior the data subject was subjected to when they first visited the site.	optin - The data subject must opt-in to scripts and trackers via DataGrail Consent using the banner notice. optout - The data subject must opt-out to scripts and trackers via DataGrail Consent using the banner notice or the Global Privacy Control signal.
Consent State	The consent preference recorded for the data subject's device.	essential_only - Only essential scripts/cookies have been accepted by the data subject. accept_all - all scripts/cookies have been accepted by the data subject. custom - the data subject has consented to specific categories of scripts to run on their device. GPC - the data subject sent the Global Privacy Control (GPC) signal as part of their browser request. DataGrail Consent treats this as essential_only DNT - the data subject sent the Do Not Track (DNT) signal as part of their browser request. DataGrail Consent treats this as essential_only
Consent Button Text	The actual text/verbiage visible when the button was clicked by the data subject.	"Accept Essentials Only"
Consent Categories	An enumeration of the category values recorded when the consent preference was made by the data subject. Values are false or not selected and true or selected by category or purpose.	Essential: true, Functional: false, Marketing: false, Performance: false
Agreement Text	The description text for the banner notice shown to the data subject.	This tool helps you manage consent to third party technologies collecting and processing personal data.
Language	The language visible on the banner when the data subject made their consent preference.	English
Policy	The policy framework the data subject was subjected to at the time of the consent notice	CPRA
Policy Links	The links visible on the banner when the data subject made their consent preference.	Google: [https://www.google.co](https://www.google.co), Bing: [https://www.bing.com](https://www.bing.com)
Page URL	The specific page from where the consent preference was captured and logged.	https://datagrail.io