Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Documentation of conditions of consent for relevant processing purposes


If our organization processes personal data based on the consent of the data subject, we must ensure that the conditions for consent are met. The conditions for lawful consent are:

  • The controller must be able to demonstrate that the data subject has consented to the processing of his or her personal data
  • The request for consent must be clearly separated from other matters in an easily comprehensible form
  • The data subject may withdraw her consent at any time and has been instructed to do so before giving her consent
  • Withdrawal of consent must be as easy as giving it

The Data Protection Officer may be responsible for assessing the conditions of consent. It is also important to consider, whether consent is generally appropriate as a legal basis for the corresponding processing.

Connected other frameworks and requirements:
7. Conditions for consent
17. Right to erasure (‘right to be forgotten’)
A.7.2.3: Determine when and how consent is to be obtained
ISO 27701
A.7.2.4: Obtain and record consent
ISO 27701
A.7.3.4: Providing mechanism to modify or withdraw consent
ISO 27701
No items found.