UnderGDPR, the controller must demonstrate thatdata subjects have consentedto the processing of their personal data, and theconsent must be freely given.
What is therole of the DPO in ensuring compliancewith this requirement?
A.
TheDPO should ensurethat the controller hasinformed data subjectsabout theirright to withdraw consent.
B.
TheDPO should ensurethat the controller hasimplemented procedures to provide evidencethat consent has been obtained for all relevant personal data.
C.
TheDPO should personally recordinformation such aswho consented, when they consented, and how consent was given.
D.
TheDPO should approvethe legal basis for consent processing before the controller can collect personal data.
UnderArticle 7(1) of GDPR, controllers must be able todemonstrate that the data subject has given consent. TheDPO advises on ensuring these procedures are in placebutdoes not collect or approve consent directly.
Option B is correctbecausethe DPO must verify that consent records exist and meet GDPR standards.
Option A is incorrectbecauseinforming data subjects about withdrawal rights is the controller’s duty, not the DPO’s.
Option C is incorrectbecausethe DPO does not personally maintain consent logs.
Option D is incorrectbecauseDPOs do not approve legal bases for processing—this is the controller’s responsibility.
References:
GDPR Article 7(1)(Controller must demonstrate valid consent)
GDPR Article 39(1)(b)(DPO ensures compliance with data protection obligations)
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit