On the other hand, by defining the condition as specific , the purposes of data processing must appear in a differentiated manner at the time of obtaining consent and cannot be expanded once the subject has consented to the collection and processing of their data.
This also creates the need for granular consent , that is, a box associated with each purpose.
The use of a confirmation checkbox is not mandatory on all forms, as long as a double opt-in system exists.
I have answered this question about 698 times according to the counter.
The mission of double-opt-in is confused with the mission of the consent philippine area code check box, and similar is not the same, my friends.
Double opt-in is an authentication system that certifies the user's identity and prevents identity theft and fraudulent subscriptions.
On the other hand, consent requires that it be prior to processing and double opt-in already implies processing from the moment my server collects that data and sends a validation email.
The check box, for its part, conditions the treatment to acceptance, that is, until the user clicks on the box, it is not possible to collect data and, therefore, guarantees prior consent associated with information.
-in complements the acceptance opt-in.
Furthermore, consent must be verifiable and we must be able to prove and document the following:
Who gave their consent : The data subject must be able to be identified by name or other elements that can identify them.
When and how consent was given , it is necessary to obtain it with a time stamp and in a way that we can guarantee that it has not been manually altered or manipulated.
What information did the consenting person receive : To comply with the GDPR requirement for more information, it is recommended to implement a layered or leveled information model.
All of this must prove consent and, therefore, the double opt-in cannot replace the check box.
As much as it pains us, there are no tricks or shortcuts because consent must be verifiable, unless you have a business relationship with the people on your list and can use legitimate interest as a legal basis.
The GDPR only affects companies in the European Union
No, the GDPR applies extraterritorially to all companies and websites that operate in Europe , that is, those that process data of European citizens, regardless of where the compan