Digital consent registration
How does your documentation help with digital consent registration (for example, a user accepts the cookies on my website or subscribes to a newsletter)? The consent needs to be stored or registered somewhere, but I don’t see it anywhere in your documentation.
Our GDPR Documentation Toolkit provides the text of the consent and of the Cookie Policy, which must be implemented in the technical systems. GDPR requires that consent can also be expressed by an action, which must be recorded in order to ensure accountability.
The register of processing activity (folder Mapping of Processing activities), for example, requires listing for each processing activity (like website or newsletter) the data processed, the purposes of processing and the record, so if the consent is given in electronic form and registered technically in the newsletter service provider, it should be registered, adding also whether a transfer of data to third countries happens.
Then, the IT Security Policy, in paragraph 3.13, lists all rules for email and other messaging systems, requiring “Users may only send messages containing true information. It is forbidden to send materials with disturbing, unpleasant, sexually explicit, rude, slanderous or any other unacceptable or illegal content. Users must not send spam messages to persons with whom no business relationship has been established or to persons who did not require such information”. In the Access Control Policy there is the list of persons/roles who can access a system/network or physical area, and specific rules for mailing list management can be implemented.
If you want to know more about data subjects’ rights, consent and compliance with GDPR, here you can find more information:
- Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
- Is consent needed? Six legal bases to process data according to GDPR https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
- Email marketing in the era of GDPR – How to ensure compliance? https://advisera.com/eugdpracademy/blog/2019/05/27/gdpr-and-email-marketing-rules-for-compliant-campaigns/
If you need to understand how data subject rights need to be managed under GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Feb 05, 2021