What is GDPR’s definition of “consent”?

The General Data Protection Regulation (GDPR) is a law created to protect the personal data of people living in European Union (EU) countries. The GDPR defines consent as any freely given, specific, informed, and unambiguous indication of will from an individual, which indicates that they agree to the processing of personal data related to them. Consent must be given in a clear manner, meaning that the individual must be given all of the information about what will happen to their information before they are asked to give their consent. For minors, consent is only valid if given by a parent or legal guardian. If a person withdraws consent or if it is deemed invalid, any processing activities occurring as a result of the previously given consent must stop. Consent must also be specific, meaning that an individual must provide separate and distinct consent for each processing activity. Furthermore, consent cannot be a precondition for a service which must be provided, nor can consent be bundled with other terms and conditions. Overall, the GDPR places an emphasis on providing individuals with the information they need to make an informed decision before their personal data is processed, and providing a clear, unambiguous way to grant consent before processing begins.

Related FAQs

What is the definition of “personal data” under GDPR?
How do I respond to a data security audit?
What is the scope of data security compliance?
What rights do I have when it comes to data security?
What are the implications of GDPR for small businesses?
What is the difference between a data security policy and standard?
What is the Personal Information Protection and Electronic Documents Act (PIPEDA)?
What steps should I take to protect my data?
What is the scope of HIPAA?
What is the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework?

What is GDPR’s definition of “consent”?

Related FAQs

Related Blog Posts