CHAPTER 10: CONSENT
Consent is one of the key areas in achieving compliance with the GDPR. Although consent is the simplest lawful basis available for processing personal data, it is also the one most likely to generate legal difficulties for data controllers. The GDPR outlines the criteria for consent as the following:
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.160
Like other elements involved in preserving data subjects’ rights, the data controller is responsible for abiding by these criteria. Ensuring that data ...