🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 7 of the GDPR: Consent, a fundamental pillar of data protection

Home GDPR articles decrypted Article 7 of the GDPR: Consent, a fundamental pillar of data protection
Article 7 of the GDPR specifies the conditions under which consent a person may be validly collected to justify the processing of personal data. It guarantees that consent is free, informed, specific and unambiguous, and that it can be withdrawn at any time.

Article 7 of the GDPR explained

The article imposes several strict conditions on the collection of consent:

  • It must be given freely, without pressure or excessive compensation.
  • It must be enlightened, that is, the person must understand what they are consenting to.
  • It must be specific : Comprehensive consent is not sufficient for several distinct purposes.
  • It must be univocal, expressed by a clear action (no pre-checked box).
  • The person must be able to withdraw consent as easily as she gave it.

Why is this article important for your GDPR compliance?

Consent is often misused as the "default" legal basis. Article 7 requires you to ensure that this consent is valid, and to be able to prove it at any time.

It is also important to respect people's fundamental rights and establish a relationship of trust with your users.

How to comply with Article 7 of the GDPR?

  • Check that all your forms (contact, registration, newsletter...) receive clear, free and specific consent.
  • Avoid pre-checked boxes or implied consents.
  • Clearly inform users about the purpose of the processing and their right of withdrawal.
  • Document all consents obtained and put in place a mechanism to easily withdraw them (e.g. unsubscribe link).

Examples of application of Article 7 of the GDPR

  • An e-commerce company that offers a checkbox to receive a newsletter complies with the GDPR if the box is not pre-checked and the information is clear.
  • A website that conditions access to its content on the acceptance of all cookies violates the freedom of consent requirement.
  • A mobile application that allows the user to easily withdraw consent from the settings complies with Article 7.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

👉 Request a demo with an expert

⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.
👉 GDPR: Self-assess now

Other articles
on the same subject