EU Releases Guidance on GDPR Consent

The European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018, governs how companies and organizations must protect EU citizens’ personal data, including the use of consent. The European Data Protection Board (EDPB), the EU decision making body charged with ensuring a consistent application of the GDPR, has released The Article 29 Working Party Guidelines on Consent, which contains guidance on the GDPR consent requirements.

Under the GDPR, consent is one of the lawful bases to access and process personal data. The GDPR defines consent in Article 4(11) as “any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” The Article 29 Working Party Guidelines on Consent explains the elements of consent and provides guidance to data controllers as to how to fulfill the new requirements for consent established by the GDPR. Additionally, the Guidelines provide direction for obtaining explicit consent in situations in which serious data protection risks may occur, as well as specific information for consent matters involving children.

TIP: As the GDPR is now in effect, companies should monitor and review any guidance issued by the EU relating to the application and enforcement of GDPR provisions.

Register now for your free, tailored, daily legal newsfeed service.

EU Releases Guidance on GDPR Consent

Filed under

Laws

Popular articles from this firm

PIP and hips. Do we need a new regulatory system for medical devices? *

Antitrust and competition – the EU weekly briefing (11 August 2014) *

Public to Private Transactions of UK Listed Companies: Navigating the UK Waters *

Antitrust and Competition - The EU Weekly Briefing ( 6 September 2016) *

2015 Privacy Year In Review *

Related practical resources PRO

Related research hubs