To understand how consent is applied in GDPR, consent itself must be defined. According to the GDPR the definition is the following: ‘Any freely given, specific, informed and unambiguous indication of the data subjects wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.’
The main goal here is to make sure that when consent is mentioned, we are talking about ‘explicit consent’. The reason this is so important is to leave no room for misinterpretation.
In the definition above the words ‘clear affirmative action’ are mentioned. Which means that a simple opt-out consent, such as pre-ticked boxes, will not be valid.
The consent giver must be aware of the nature of the data being collected, the details of the automated decision as well as the effects of the automated decision. It is also very important that there is complete transparency about details of the data being transferred and the risk of said transfer.
As for the implementation of the GDPR, what is important for you to know. If the consent is obtained before the 25th of May 2018 and is aligned with the GDPR standards, the consent remains valid even after the GDPR is launched. However, all consent obtained after that date will have to be completely in line with the GDPR rules.
Do you want to get more information about GDPR? Read the previous articles.
GDPR Series – Episode 1 : What is GDPR?
GDPR Series – Episode 2 : What are the basic principles of GDPR?
GDPR Series – Episode 3 : What are the 6 possible legal bases?
GDPR Series – Episode 4 : What is the material and territorial application of GDPR?
GDPR Series – Episode 5 : How is sensitive data protected by GDPR?