How can I legally obtain consent for data processing?
April 28, 2022 | 50,00 EUR | answered by Babette Krüger
Dear Data Protection Lawyer,
My name is Quentin Jung and I am the managing director of a small company specialized in the sale of sports equipment. Lately, I have been receiving more and more inquiries from customers who want to know how I process their data and whether they need to consent to the processing of their data.
So far, I have mostly obtained verbal consents from customers, but I have been informed that this approach may not be legally secure. I am concerned that I may be violating the General Data Protection Regulation (GDPR) and that legal consequences could ensue.
I would like to know how I can legally obtain consent for data processing to protect my customers and my company from legal issues. Are there specific forms or processes I need to follow to ensure that customer consent is compliant with the law?
Thank you in advance for your help and support with this important matter.
Sincerely,
Quentin Jung
Dear Mr. Jung,
Thank you for your inquiry regarding obtaining legally compliant consents for data processing in your company. It is very understandable that you are concerned about complying with the General Data Protection Regulation (GDPR) and the legal consequences that could arise in case of a violation.
First and foremost, it is important to understand that consent for data processing must meet certain requirements according to the GDPR in order to be considered legally compliant. While verbal consent is generally possible, it is more difficult to prove that it was actually obtained. For this reason, I recommend obtaining written consent, as it is more easily verifiable and provides legal certainty.
To obtain legally compliant consent for data processing, you should create a corresponding consent form. In this form, you should clearly and comprehensively explain which data will be collected, processed, and stored for what purpose. Additionally, you must specify how long the data will be retained and what rights customers have regarding their data (e.g. right to access, rectification, deletion).
Furthermore, consent must be voluntary, meaning customers must have the option to refuse consent without facing negative consequences. Consent must also be actively obtained, meaning customers must explicitly agree, for example, by checking a box.
It is important to document consent, so you should keep a record of when and how consent was obtained. This serves as evidence in case of legal disputes.
I also recommend regularly reviewing the validity of consents and re-obtaining them if the data processing changes or the consent expires.
I hope this information is helpful and provides you with guidance on how to legally obtain consents for data processing in your company. If you have any further questions, please do not hesitate to contact me.
Best regards,
Babette Krüger
Data Protection Lawyer
