GDPR compliance: how to collect consent from individuals?

Published on: 01 February 2021 (3 min reading time)

With the number of computer security breaches increasing, it is more than necessary to protect personal data. To make this protection effective, a law on the subject has even been introduced: the GDPR. What is it all about? And how should GDPR consent be collected?

The GDPR, in a few words!

The GDPR, or General Data Protection Regulation, is a law that governs the processing of personal data within the European Union. This data covers all information relating to the identity of a natural or legal person (the company). In principle, this information is personal and is not accessible to others. Nevertheless, in certain cases, the processing of this data is imperative.

The main principles

The GDPR applies not only to the owners of the data but above all to the controller. According to its Article 6, the collection and processing of data must be lawful and transparent. In other words, the data subject must be notified of them, and the data collected must comply with what has been mentioned. Likewise, the data subject has the right to access, modify or delete his or her personal data. He or she can also refuse the processing: this is the principle of GDPR consent. Finally, consent must be proved through a positive statement or act (for example, a ticked box if the processing is done online).

According to the GDPR, data processing cannot be carried out without the consent of its owner. But what is meant by consent? By definition, consent is a manifestation of will. It must be free, informed, and prior. Situations such as violence or fraud, therefore, constitute a defect of consent.

The GDPR has even added a right of withdrawal. This means that the person concerned may withdraw his or her consent at any time, through a simple procedure. Similarly, the controller must demonstrate the existence of consent; otherwise, the processing cannot be carried out. The processing of personal data of minors is also prohibited unless the minor is at least 16 years old and has received parental authorization and consent. However, GDPR consent has certain limits. It is not required when the processing has a legitimate interest for the controller. This is the case for the performance of a contract. In this case, the applicable terms and conditions depend on the clauses concluded between the two parties.
