TB Neuffen: Obligation to consent in data protection – new things on the playing field!

TB Neuffen: Obligation to consent in data protection – new things on the playing field!

Since its introduction, the General Data Protection Regulation (GDPR) has had far-reaching effects on the processing of personal data in Europe. A fundamental requirement of this regulation is the clear consent of data subjects to the use of their data. According to bfdi.de, consent is only valid if it is given unambiguously and the active behavior of the user is required. Simply pre-filled boxes are not sufficient. In addition, every user must be informed about their rights regarding data processing.

Another important aspect of the GDPR is the principle of “purpose limitation”. Data should only be processed for the specified purposes. For example, an address may only be used to ship a book, not for advertising purposes. The principle of “data minimization” also remains, so that only the most necessary data may be collected, as bmj.de describes.

New requirements and consumer rights

The GDPR also brings with it new requirements for consent to data processing. Separate consent is required for different data processing, while blanket consent is not permitted. Consumers have comprehensive rights, including the right to information, correction and deletion of their data as well as the right to withdraw their consent, as bfdi.de further explains. A particularly important regulation is the ban on coupling: the fulfillment of a contract or a service may not be made dependent on the granting of unnecessary consent.

Additionally, the GDPR requires that consent be given in an informed manner. This means that data subjects must receive a clear and understandable explanation of the purposes of processing and the types of data collected. The possibility of revocation must be available at any time and must be as simple as the original consent.

Integrating data protection into technologies

The “Privacy by Design” and “Privacy by Default” principles require that data protection be integrated into technologies and services from the outset. This means that providers must choose privacy-friendly default settings. Consumer rights, such as the right to object to data processing or the right to data portability, are also set out in the GDPR. These rules are intended to ensure that the processing of personal data protects users' privacy and gives them control over their information.

Overall, compliance with the General Data Protection Regulation is crucial for companies, as the consequences of violating the regulations can be significant. Following these strict privacy policies is not only a legal obligation, but also a sign of a company's commitment to the security and privacy of its customers.