Consent
Could not find Consent Task in your uploaded .bpmn files. Here is what you can
check to fix that:
- If you have Consent Task in one of your .bpmn files then check whether it has attached
property with name 'consent'.
- Remember, that order (is determined when .bpmn file is uploaded) of business processes is
crucial. Tool searches consent task in previous processes or previous tasks. That means
if Consent Task is in process with order 5, it will be ignored when analysing process with
order 4.
This task was marked as Consent Task, help me to identify some relevant attributes
of Consent class.
Show relevant GDPR articles
Definitions
-
[...] ‘consent’ of the data subject means any freely given,
specific, informed and unambiguous indication of the data subject’s wishes by
which he or she, by a statement or by a clear affirmative
action, signifies agreement to the processing of personal data relating to him or
her; [...]
Lawfulness of processing
-
Processing shall be lawful only if and to the extent that at least one of the following
applies:
-
the data subject has given consent to the processing of his or her personal data
for one or more specific purposes; [...]
Conditions for consent
-
Where processing is based on consent, the controller shall be able to demonstrate that
the
data subject has consented to processing of his or her personal data.
-
If the data subject’s consent is given in the context of a written declaration which
also
concerns other matters, the request for consent shall be presented in a manner which is
clearly distinguishable from the other matters,
in an intelligible and easily accessible form, using clear and plain language. Any part
of such a declaration which constitutes an infringement of this Regulation shall not be
binding.
-
The data subject shall have the right to withdraw his or her consent at any time. The
withdrawal of consent shall not affect the lawfulness of processing based on consent
before
its withdrawal. Prior to giving consent, the data subject
shall be informed thereof . It shall be as easy to withdraw as to give consent.
-
When assessing whether consent is freely given,
utmost account shall be taken of whether, inter alia, the performance of a contract,
including the provision of a service, is conditional on consent to the processing of
personal data that is not necessary for the performance of that contract.
Conditions applicable to child's consent in relation to information
society services
-
Where point (a) of Article 6(1) applies, in relation to the offer of information society
services directly to a child, the processing of the personal data of a child shall be
lawful where the child is at least 16 years old. Where the child is below the age of 16
years, such processing shall be lawful only if and to the extent that consent is given
or authorised by the holder of parental responsibility over the child.
Member States may provide by law for a lower age for those purposes provided that such
lower age is not below 13 years.
-
The controller shall make reasonable efforts to verify in such cases that consent is
given or authorised by the holder of parental responsibility over the child, taking into
consideration available technology.
-
Paragraph 1 shall not affect the general contract law of Member States such as the rules
on the validity, formation or effect of a contract in relation to a child.
* Here we assume that if data subject has given consent prior to activities of processing
personal data (Consent Task was before Processing Task), then data subject agreed on all
processing purposes of processing his or her personal data.
** When collecting consent from data subject you should also provide some additional information
in agreement. Please see Article 13
(Information to be provided where personal data are collected from the data subject)
and Article 14 (Information to be
provided where personal data have not been obtained from the data subject)
Consent attributes