This practical guide provides an overview of the notion of “consent” under the General Data Protection Regulation (GDPR), based on the explanations given by the former Article 29 Working Party (henceforth, the WP29)1.
It explains how data controllers can formulate their consent requests to be able to obtain and demonstrate valid consent received from data subjects whose personal information they hold and process. It does so by examining each separate specification and element of the so-called “valid consent”. Example cases are used to illustrate each of the elements examined.
The practical guide further analyses the notion of “explicit consent”, as well as the conditions under which consent obtained under the regime of the Data Protection Directive (Directive 95/46/EC) will suffice. The seeming conflict between the use of the term under the GDPR and under the revised Payment Services Directive (PSD2) is also explored.
The conditions under which consent already obtained under the old regime is adequate to meet the GDPR requirements are also explored.
1 It is noted that Article 29 Working Party no longer exists. Under Article 94 of the GDPR, “References to the Working Party on the