UK regulator's guidance on GDPR consent — is the efinition any clearer?

摘要

Firstly, controllers should be analysing all current legal bases for processing data. To the extent that consent is being relied upon to legitimise data processing activities, the mechanisms and processes should be reviewed to assess whether they meet the GDPR standard (unbundled, documented etc.). Where the GDPR standard has previously been met, controllers need not refresh existing consents. Where the existing consents do not, however, meet the GDPR's higher threshold, because for example, each third-party is not named or consents are bundled, then fresh consent will be required, or controllers will need to find a new legal basis for processing or stop the processing altogether.