Download as PPSX, PPTX
More Related Content
consent:gdpr
- 1. CONSENT UNDER THEGDPR: PRELIMINARY THOUGHTS
- 2. ARTICLE 29 WORKING PARTY Independent advisorybody set up under Article 29 of the 1995 Directive that advises, provides recommendations, and promotes application of data protection laws Comprises of DP authorities from each member state, European Data Protection Supervisor, and the European Commission
- 3. ARTICLE 6 ARTICLE 5 ARTICLE4(11) CONSENT IN THE GDPR
- 4. ARTICLE 6 LAWFULNESS OF PROCESSING CONSENT PERFORMANCEOF ACONTRACT COMPLIANCEWITH A LEGAL OBLIGATION PROTECTIONOFVITAL INTERESTS PUBLIC INTEREST LEGITIMATE INTEREST
- 5.
- 6. ARICLE 4(11) CONSENT “Consent” meansany freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- 7. CONSENT FREELYGIVEN When isconsent not valid? If a data subject has no real choice; If a data subject feels compelled to consent; If a data subject will endure negative consequences if they do not consent.
- 8. CONSENT FREELYGIVEN Is therean imbalance of power? Assess whether performance of a contract is conditional upon processing of personal data that is unnecessary for performance. Consent should be given for each of multiple purposes aka ”granularity”. Data subjects should have the right to refuse or withdraw consent without the threat of detriment.
- 9. CONSENT SPECIFIC This aimsto ensure a degree of user control and transparency. Specify the purpose for the intended processing.This satisfies Article 5 and safeguards against Function Creep. Ensure Granularity in consent requests.
- 10. CONSENT INFORMED Minimum Requirements Controller’s identity Purpose ofeach processing operation for which consent is sought Type of data that is being collected and used Existence of right to withdraw consent Automation processes and risks
- 11. CONSENT INFORMED How do you provide information? Ensure you use clear and plain language. Do not use long privacy policies. Avoid drafting pitfalls like “I know that…”
- 12. CONSENT UNAMBIGUOUS INDICATION It meansthe data subject is signifying their agreement to processing of personal data through an active motion or declaration. Written Statement are great. A blanket acceptance of general terms and conditions is not. Click fatigue is a problem.
- 13.
- 14. EXPLICIT CONSENT When is it required? Explicitconsent is required when serious data protection risks arise: for example, while processing special categories of data or transferring data to third countries without adequate safeguards. In such scenarios, a high level of individual control over personal data is appropriate.
- 15. EXPLICIT CONSENT How do you obtainit? Get a written statement of the data subject… and make them sign it. Implement a two-step verification process. Get the data subject to send an “I Accept” email. Obtain explicit consent through a telephone conversation – provided that the information provided is intelligible and clear. Get the data subject to sign through an electronic signature.
- 16. ADDITIONAL CONDITIONS If processingis based on consent, controllers should be able to demonstrate that data subjects have consented. As long as a data processing activity lasts, controllers should be able to prove that a data subject has consented to processing. After processing ends, proof of consent should be kept no longer than necessary. WP29 Recommends: Refresh the consent exercise at appropriate intervals.
- 17. ADDITIONAL CONDITIONS Data subjectsshould be able to withdraw consent in the same in the same manner and as easily as they give it. There should be no detriment to the data subject while withdrawing consent.
- 18. FOR MORE DETAILS,PLEASE REACH OUT TO: [email protected] [email protected]