When personal data is processed on the basis of the data subject's consent, the organization should provide data subjects with a clear process for editing or withdrawing their consent. Editing may also mean limiting the processing of personal data, which may affect the controller's right to delete the data in question.
The process should include recording requests for editing in a way similar to recording consent. Changes to consent must be communicated to all relevant data systems, authorized users and third parties. The process should also define the response time in which the requests should be processed.
N.b.! Different jurisdictions may have restrictions on how and when the data subject can modify their consent.
If our organization processes personal data based on the consent of the data subject, we must ensure that the conditions for consent are met. The conditions for lawful consent are:
The Data Protection Officer may be responsible for assessing the conditions of consent. It is also important to consider, whether consent is generally appropriate as a legal basis for the corresponding processing.