Consent is one of the key areas in achieving compliance with the GDPR. Although consent is the simplest lawful basis available for processing personal data, it is also the one most likely to generate legal difficulties for data controllers. The GDPR outlines the criteria for consent as the following:


‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.160

Like other elements involved in preserving data subjects’ rights, the data controller is responsible for abiding by these criteria. Ensuring that data ...

Get EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.