Processing personal data is according to the GDPR only allowed with informed consent of the user (person involved). To get that informed consent it is required to be transparent about what personal data is processed and why it is processed. The user must be able to access this data, edit, delete or transfer it when he/she demands that.
Decision tree (GDPR tool)
In cooperation with the TU/e we have developed a decision tree that provides insights in what needs to be done to get informed consent regarding the GDPR law. The tool can be used from two perspectives:
The user perspective will give you insights if the organisation processes your personal data regarding the GDPR law.
The company perspective will give you insights of what an organisation needs to do to properly process personal data of its users regarding the GDPR law.
Starting with informed consent is mandatory but does not say anything about technical implementations or security. Fourtress is also a member of Brainport Techlaw to work together with other technical companies and lawyers to stay informed of new developments in the field of tech and law and to take the necessary actions.
Do you ask for informed consent the way the GDPR prescribes? Or do you want to know as a user if an organisation meets the requirements for informed consent according to the GDPR?