What is GDPR’s definition of “consent”?

GDPR (General Data Protection Regulation) is an EU law that regulates how businesses handle the personal data of EU citizens. One of the key concepts of GDPR is the definition of “consent.” GDPR defines consent as any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them. Under GDPR, consent must be given by a clear affirmative action, meaning that instead of opting-out of data processing, a person must actively opt-in. The person must also have a clear understanding of the data they are consenting to and how it will be used. Additionally, companies must keep a record of any consent given and who gave it, and must be able to demonstrate that it was freely given. If GDPR applies to a business in Maryland, then it must comply with this definition of consent. That means they must be able to show that data subjects have actively opted in, that they were fully informed of how their data would be used, and that they are able to withdraw their consent at any time. Companies must also keep records of any consents given, so that the data subject can prove they ever consented in the first place.

Related FAQs

What is the difference between data security, privacy and cyber security?
What measures should I take to protect myself from data security threats?
What are the key principles of data security?
What is the Fair and Accurate Credit Transactions Act (FACTA)?
What is the process for data security compliance?
What is the scope of data security compliance?
What is the Information Commissioner's Office (ICO)?
What are the implications of GDPR for small businesses?
What is a privacy impact assessment (PIA)?
What is the role of the data protection regulator?

What is GDPR’s definition of “consent”?

Related FAQs

Related Blog Posts