Audit Trail

Audit Trail, otherwise known as Audit log, is the recording of users interactions on a website and the proof of consent the user has given.

What is an audit trail?

An Audit Trail represents source documents and transaction records in the digital age. Collecting, processing, and analyzing data is based on a ‘contract’ between the website’s users and the owner. Hence, the set of these ‘contracts’ can be represented by an Audit Trail, composed of records and files. Information that can be found within an Audit Trail includes the location and VPN of the user, the time when he interacted with the website, what were his consent choices and if he changed them over time, when, and how. Specifically and a business should store information, such as:

  • Date and time when consent was given
  • What information did the user provide (e.g. user’s name, email, IP address)
  • What exactly did the user consent to?
  • What was the exact wording that the user consented to? (e.g. “I would like to subscribe to regular email marketing from company X”)
  • What information was given to the user about your privacy policy
  • What is the specific wording of privacy policy and terms & conditions at the time of consent?
  • What did the button the user clicked say? (e.g. “Sign Up!”)
  • Was consent implied or implicit?

Why is an Audit Trail Important?

All data processes must be recorded in the Audit Trail to prove your marketing and operating activities are done with the legal consent of your website’s users. Audit Trail is your proof and evidence. Whether you have been managing your website in compliance with the laws and regulations does not matter if you cannot prove it. Like a receipt or an invoice, an Audit Trail is an essential part of recording your business activities and may be necessary for legal matters.

How to keep a compliant Audit Trail?

Audit Trails can be tricky to keep track of since discussions about new regulations are still happening. It can be especially challenging if you have a multitude of users on your website every day. Consent preferences may change, and monitoring and recording may not always turn out to be clear and transparent. Fortunately, there are solutions out there that can help you.