How is consent obtained?

<< Click to Display Table of Contents >>

Navigation:  Automation Service Overview > Security and compliance > Regulatory compliance > GDPR Compliance > GDPR compliance with in the Work Portal > Aspects to consider for GDPR compliance >

How is consent obtained?


Consider the following GDPR tips, regarding how to obtain consent to use personal data from the subjects involved:

GDPR Articles 7, 8, and 21 (right to object), relate to the Data Subject (be it for an adult, or a child under due authorized consent) having the possibility to explicitly authorize or not, the use of personal data by a Data Controller.


Recall that you should not only obtain an explicit consent from those individuals involved in your processes, where it is clear that you may use personal data for the specified purposes, but also need to be able to demonstrate that such consent was given.



You may design a separate process to obtain such consent along with its traceable evidence, where you notify about your privacy policy and the purposes of collecting and processing personal data, along with capturing explicit consent from individuals.

This is very applicable for individuals from whom you already have personal data in use.


You may also choose to modify your existing processes capturing personal data, so that you add in an activity that covers the same measures mentioned above (notify about your privacy policy and obtain explicit consent).

Recall that you may need to modify your existing data model so that you include any fields to save evidence of the explicit consent (as being accepted and authorized by Data Subjects).


Alternatively, consider that consent can also be obtained outside of the use Bizagi, by means which involve your own internal policies and imply that individuals would have to sign contracts.