OneTrust Certified Privacy Professional 2025 – 400 Free Practice Questions to Pass the Exam

Consent is considered valid under the General Data Protection Regulation (GDPR) when it is given freely, specifically, informed, and unambiguous. This means that individuals must have a clear understanding of what they are consenting to, and they must have the choice to consent without any pressure or coercion. The consent must also be specific to the processing of personal data, and it should not be inferred from silence or pre-ticked boxes.

Being informed is crucial; individuals must know the purpose of the data collection and how their data will be used. An unambiguous indication of consent means that the affirmative action taken (such as ticking a box or clicking a button) must clearly signify a person's agreement. This approach ensures that consent is meaningful and protective of individuals' privacy rights.

The other options do not align with the stringent requirements of the GDPR. Assumed consent, for example, does not meet the standard of being freely given or informed. Similarly, verbal expressions without documentation lack the necessary clarity and record-keeping needed to demonstrate consent. Coercive means entirely undermine the principle of free consent, making any such consent invalid under GDPR guidelines.