What is GDPR’s definition of “consent”?

The General Data Protection Regulation (GDPR) is a law created to protect the personal data of people living in European Union (EU) countries. The GDPR defines consent as any freely given, specific, informed, and unambiguous indication of will from an individual, which indicates that they agree to the processing of personal data related to them. Consent must be given in a clear manner, meaning that the individual must be given all of the information about what will happen to their information before they are asked to give their consent. For minors, consent is only valid if given by a parent or legal guardian. If a person withdraws consent or if it is deemed invalid, any processing activities occurring as a result of the previously given consent must stop. Consent must also be specific, meaning that an individual must provide separate and distinct consent for each processing activity. Furthermore, consent cannot be a precondition for a service which must be provided, nor can consent be bundled with other terms and conditions. Overall, the GDPR places an emphasis on providing individuals with the information they need to make an informed decision before their personal data is processed, and providing a clear, unambiguous way to grant consent before processing begins.

Related FAQs

How do I respond to a data security audit?
What is a Data Protection Impact Assessment (DPIA)?
What is the purpose of the GDPR breach notification requirement?
What is the scope of HIPAA?
How can I prevent a data breach?
What is the UK’s Data Protection Act (DPA)?
What measures should I take to protect myself from data security threats?
What is a data breach?
How do organizations ensure they are meeting data security compliance requirements?
What steps should I take to protect my data?

What is GDPR’s definition of “consent”?

Related FAQs

Related Blog Posts