Step 3

Consent

Could not find Consent Task in your uploaded .bpmn files. Here is what you can check to fix that:

  1. If you have Consent Task in one of your .bpmn files then check whether it has attached property with name 'consent'.
  2. Remember, that order (is determined when .bpmn file is uploaded) of business processes is crucial. Tool searches consent task in previous processes or previous tasks. That means if Consent Task is in process with order 5, it will be ignored when analysing process with order 4.

This task was marked as Consent Task, help me to identify some relevant attributes of Consent class.

Art. 4 GDPR
Definitions
  1. [...] ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; [...]

Art. 6 GDPR
Lawfulness of processing
  1. Processing shall be lawful only if and to the extent that at least one of the following applies:
    1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes; [...]

Art. 7 GDPR
Conditions for consent
  1. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
  2. If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.
  3. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof . It shall be as easy to withdraw as to give consent.
  4. When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
Art. 8 GDPR
Conditions applicable to child's consent in relation to information society services
  1. Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.
  2. The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.
  3. Paragraph 1 shall not affect the general contract law of Member States such as the rules on the validity, formation or effect of a contract in relation to a child.

* Here we assume that if data subject has given consent prior to activities of processing personal data (Consent Task was before Processing Task), then data subject agreed on all processing purposes of processing his or her personal data.
** When collecting consent from data subject you should also provide some additional information in agreement. Please see Article 13 (Information to be provided where personal data are collected from the data subject) and Article 14 (Information to be provided where personal data have not been obtained from the data subject)
Consent attributes