CHAPTER 6: LAWFULNESS AND CONSENT
Returning to the preservation of the data subject’s rights and freedoms, it is critical to ensure, before almost anything else, that your processing activities are ‘lawful’. There has been a lot of discussion around this, and in particular in relation to consent.
Consent is a key area in achieving GDPR compliance. Although consent is the simplest lawful basis available for processing personal data, it is also the easiest for data subjects to remove and the one most likely to generate legal difficulties for data controllers. The GDPR outlines the criteria for consent as the following:
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes ...
Get EU General Data Protection Regulation (GDPR), third edition - An Implementation and Compliance Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.