| A user has to consent to each use of her data. This is a misunderstanding. Consent is only one acceptable legal basis for processing personal data under the GDPR. Almost everyone is going to use it as little as possible in future because of all the extra red tape involved. Ironically, that probably means a lot of organisations will now be straining to justify processing on some other basis and to minimise use of data subjects' explicit consent and exposure to the associated subject rights. Just make a list where you explain in simple words how you want to use the data and add a checkbox to each item (default not checked). It's not that simple, because for example organisations may have legal obligations or legitimate interests in processing data about someone even though it may not be in that person's interest. Consider these: [ ] I agree that my bank may keep records of the money I owe them. [ ] I agree that the car rental firm may keep a record of me borrowing their vehicle. [ ] I agree that the school where I'm applying for a job may do a background check before trusting me to look after kids. Obviously there are many issues like this where consent for the data processing can't be voluntary and independent of everything else that is going on. |