Consent Management Under GDPR
Learn the requirements for obtaining and managing consent for processing personal data under data protection regulations.
Consent is one of the lawful bases for processing personal data under GDPR. When consent is required, it must meet specific standards to be valid.
**Requirements for Valid Consent**
1. **Freely given**: People must have a genuine choice; consent obtained under pressure is not valid
2. **Specific**: Consent must be for a specific purpose, not general data processing
3. **Informed**: People must understand what they're consenting to
4. **Unambiguous**: Consent requires a clear affirmative action
5. **Documented**: Organizations must keep records of consent
6. **Withdrawable**: People must be able to withdraw consent easily
**Pre-ticked Boxes Are Not Consent**
Silence, pre-ticked boxes, or inactivity do not constitute valid consent. Users must take an active step to consent.
**When Is Consent Needed?**
Consent may be required for:
- Marketing communications
- Cookies and tracking technologies
- Sharing data with third parties
- Processing sensitive personal data
- Certain types of profiling
**Consent for Marketing**
For marketing communications:
- Obtain clear opt-in consent before sending
- Make it easy to unsubscribe
- Honor opt-out requests promptly
- Keep records of consent and preferences
**Consent Is Not Always Required**
Other lawful bases for processing include:
- Contractual necessity
- Legal obligations
- Vital interests
- Legitimate interests
Consult your data protection team to determine the appropriate lawful basis for your processing activities.