Students stored in Student CRM must store the consent they have given you, so you can process their personal data under the GDPR. Once you have that consent the student can change or withdraw it over time so that you can contact them accordingly throughout the relationship.
What is a Consent Pack?
Each consent is one of a list of separate Consent Packs that you first create in the app Privacy Centre, see this example:
You create different Consent Packs as you need them
Any student data entering Student CRM will carry a consent pack ID (see "CID:210" above), depending on the where the student data came from. So, data arriving from different sources can each have the appropriate consent:
Source = web forms, ie: bookings, enquiries, event registrations, etc - might use your "Enquiries Consent" pack.
Source = UCAS applications - might use your "UCAS Applicants Consent" pack.
Source = Unibuddy conversations with ambassadors - might use your "Unibuddy Consent" pack.
How does each student give consent?
Explicitly at the point of providing their data. They know at the time they click 'submit' or 'register' or 'book' or 'apply', etc, that you will be processing their personal data in accordance with their wishes.
Students who don't give explicit consent
Whilst relatively rare, this typically this happens when a student makes contact with you wishing to find out more information about studying with you, but doesn't do so as 'data'. These would usually include:
Walk-ins to reception
Inbound telephone calls
Inbound post
Emails to your 'enquiries@university.ac.uk' inbox
In each of these cases a new student record is created either by the system or by an officer typing in the name and email, etc. The officer does not, however, need to try to figure out which of your many consent packs is correct because that is set up in advance. See this Enquiries setup tab below:
It is configured in advance in exactly the same way in the app 'Student Database'.