Consent is one of the six legal bases laid down by the GDPR for processing data.
It must meet the following conditions:
Free: not consenting must not have negative consequences.
Specific: we must know what we are consenting to and we must consent by purpose
Informed: you must be fully informed about the processing operation before giving your consent, and at least about :
- the identity of the data controller
- the purpose
- the existence of the right to withdraw consent.
The information must then be supplemented by a personal data charter or privacy policy.
Unambiguous: positive action by the individual. The individual must say YES! Consent boxes must not be ticked by default.
Documented: consent must be proven.