Companies often fail to provide customers with sufficient data privacy, leading to unprecedented volumes of exposed data. According to CSO Online, the biggest data breach of the 21st century by far is the one Yahoo suffered in 2013, which exposed 3 billion user accounts and personally identifiable information.
The GDPR is not the only law dealing with consent. While the changes it brings seem to have the greatest impact, consent is an important aspect of other legislation as well. The following figure presents data protection laws across the world and provides a comparison between them.
“Technology trust is a good thing, but control is a better one.”
GDPR requires consent from EU citizens before allowing companies to collect any personally identifiable information. It also brings a new perspective on consent management, in which data subjects must be free to withdraw consent at any moment.
"Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."
Data subjects need to be told all purposes for processing their personal data before they give their consent.
Consent management should be performed through positive, affirmative action so that the wishes of the data subjects are clear.
For consent to be considered valid, data subjects should be informed of the controller’s identity, the purpose of the processing and how processing might affect them.
Data subjects must be able to choose whether or not they want their data to be processed. Under no circumstances should consent be coerced.
GDPR is not the only law that regulates consent, as it is an important part of other regulations as well. PSD2, COPPA, PIPEDA and PDPA are among the laws around the world that address consent.
Even if a country does not have a data protection regulation in place, companies that want to process EU citizens’ data will need to comply with the GDPR to avoid hefty fines.
In order for businesses to comply with all these requirements, it is important that they put in place an effective consent management process.