If you’re collecting personal information from European citizens, the upcoming GDPR imposes very specific documentation requirements. The Kantara Initiative’s Consent and Information Sharing Work Group has been working on “ consent receipt” specification so that it’s clear to both parties — data controller and data subject — what consent has been granted for which data and how that data is going to be used, stored, and destroyed. Kantara released its consent receipt API documentation to the public. Kantara also certifies that organizations are implementing the Identity Assurance program effectively, and it is actively working towards assessment and approval of the proper use of the consent receipt specification, and consent management systems in general, for release later next year.