Securiti announces a $75M Series C Funding Round
ViewConsent is one of the primary legal bases that organizations leverage to collect and process personal data. As per Article 7 of the GDPR, consent can only be an appropriate legal basis for data processing if it is freely given, specific, informed and an unambiguous indication of the data subject’s wishes. This requires that an individual’s consent must be given voluntarily without any pressure or influence that could affect his or her choice. The use of dark patterns such as pre-selected tick-boxes, cookie walls or other such tactics used in websites that misguide users and force them to consent is prohibited under the GDPR. Data subjects should also be allowed to withdraw their consent at any time without any detriment. Furthermore, separate consent must be obtained for separate data processing purposes.
The GDPR also requires data controllers to be able to provide evidence that the data subject has given consent to the processing operation where processing is based on the data subject’s consent. This article digs deeper into the data controller’s responsibility of being able to demonstrate consent compliance.
Article 7(1) of the GDPR states as follows:
“Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.”
While talking about burden of proof, Recital 42 of the GDPR states as follows:
“Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.”
The afore-mentioned provisions of the GDPR indicate that the burden to demonstrate or prove that consent has been obtained from the data subject lies with the data controller. It is also consistent with the accountability principle of the GDPR, as stated in Article 5(2), that the controller shall be responsible for, and be able to demonstrate compliance with data protection principles.
As per the European Data Protection Board updated Guidelines on Consent, data controllers have liberty to create their own methods to demonstrate consent, in a way that does not hinder their daily operations. This should, however, not result in data controllers having excessive amounts of additional data processes. This means that organizations should have enough data to show consent was obtained but they should not be collecting any more information than necessary - to ensure data minimization.
To comply with the afore-mentioned requirements of the GDPR and EDPB Guidelines on Consent, organizations are required to do the following:
Securti’s Consent Management Platform helps organizations maintain comprehensive audit trails to demonstrate compliance as well as respect the data subject’s latest preferences. The audit trail is a detailed dashboard consisting of the following:
Securiti’s PrivacyOps platform captures the exact text of the agreement and the types of cookies to which the data subject consented to, thereby fulfilling the proof of consent requirement under the GDPR.
There can be several data processing operations where the data subject’s consent is considered an appropriate legal basis. For example, consent is relevant in email marketing and the installation of non-essential cookies and other similar tracking technologies. However, failing to obtain valid consent may expose organizations to exorbitant amounts of fines and penalties. Most global privacy regulations require organizations to not only obtain freely given consent but also to have proof of this consent for certain data processing activities. Doing this through manual methods is almost impossible given the amount of data that flows in and out of an organization in a single day.
Organizations need to find a solution that will help them automate this process, making it effective as well as cost and time-efficient. The Securiti Consent Management Solution offers:
Request a demo today and see how it can help your organization comply with global consent regulations.
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Looks like this email is already registered with an existing account.
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
Get all the latest information, law updates and more delivered to your inbox
October 13, 2020
On 1 October 2020, the Commission nationale de l'informatique et des libertés, the French Data Protection Authority (CNIL) published its amended guidelines on...
November 10, 2020
The deadline to implement the Updated Guide on the Use of Cookies (Updated Guide) released by the Agencia Española de Protección de Datos, the...
January 27, 2021
Organizations heavily rely on cookies for various ways of online advertising. Cookies collect user’s personal information, share, disclose or sell it to other parties...
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128