We use a self-sovereign identity scheme. The keys that identify the user are created and stored in the user's terminal, along with the rest of their details. An exchange protocol allows you to share the necessary credentials with the organization's servers so that they can verify users. A built-in consent mechanism generates a signature to indicate how the data should be used. This allows complete control of the current and historical use of the data by the user, while allowing organizations to manage their data with full GDPR compliance.