Companies gain loyalty and trust when they offer transparency and control to their users and customers regarding the personal data that is collected, processed, or shared. In Europe, the General Data Protection Regulation (GDPR) was designed specifically for allowing companies to collect and use valuable data about its users, while protecting the rights of citizens to control what is collected and used. To support the collection and end-user control of personal data, PingDirectory Server includes schema and REST APIs that provide the ability to collect fine-grained data authorizations (consents), from users and customers.