Consent should be provided through a clear expression of will, which is a free, specific, informed, and unequivocal statement by the data subject to the processing of personal data concerning them. This could include checking a box when visiting a website, selecting technical settings of information society services, or any other statement or conduct that clearly indicates, in this context, the data subject's agreement to the proposed processing of their personal data. (Source: GDPR Regulation)
Companies use consent for the processing of personal data when they have no lawful purpose for processing personal data and cannot rely on legitimate interests.
Providing consent has its rules. The data subject must give their consent voluntarily, meaning, for example, that consent cannot be pre-ticked in a checkbox. Also, consent must be given for a specific purpose only. All other purposes must be separate. The requirements for obtaining consent must be simple, concise, and clear.
An organization requesting your consent must inform you about the method of personal data processing (including the purpose, sharing with third parties, retention period, automation, profiling, etc.).
Examples of when consent for personal data processing is required:
Training name | Training duration | Venue | Price | The nearest date |
---|---|---|---|---|
Personal Data Protection Act in accordance with the EU Regulation - GDPR |
1 day
|
Company in-house training | On request |
According to you
|