Consent

…of the processing, they must be prepared to respect that choice and stop that part of the processing if an individual withdraws consent.” Strictly interpreted, this means the controller is not allowed to switch from the legal basis consent to legitimate interest once the data subject withdraws his consent. This…

Art. 7 GDPR – Conditions for consent

…to withdraw his or her consent at any time. 2The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 3Prior to giving consent, the data subject shall be informed thereof. 4It shall be as easy to withdraw as to give consent. When assessing…

Recital 42

…fact that and the extent to which consent is given. 3In accordance with Council Directive 93/13/EEC¹ a declaration of consent pre-formulated by the controller should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms. 4For consent to be…

Recital 43

…it is therefore unlikely that consent was freely given in all the circumstances of that specific situation. 2Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or…

Recital 32

consent. 4Consent should cover all processing activities carried out for the same purpose or purposes. 5When the processing has multiple purposes, consent should be given for all of them. 6If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise…

Email Marketing

…controller or is in the latter’s service. Therefore, much indicates that e-mail marketing is allowed without consent, at least for existing customers. If the company has a justified interest in ‘cold’ calling through e-mail marketing, the marketing e-mails may be sent to potential customers without consent. To receive no further…

Art. 43 GDPR – Certification bodies

…Board pursuant to Article 63; established procedures for the issuing, periodic review and withdrawal of data protection certification, seals and marks; established procedures and structures to handle complaints about infringements of the certification or the manner in which the certification has been, or is being, implemented by the controller or…