Lawfulness of processing according to the new provisions of the GDPR

jogoterbaire@

The GDPR has not modified the pre-existing system, confirming the requirements already established by the current legislation for the lawfulness of any processing : consent, contractual obligations, vital interests of the interested party or third parties, legal obligations of the owner, public interest or exercise of public authorities, prevailing legitimate interest of the owner or of third parties to whom the data are communicated.Some clarifications are instead dictated regarding the methods of consent which must be free, explicit , unequivocal, specific and informed . Consent cannot therefore


be tacit or presumed but must be expressed through an Special Data unequivocal positive declaration or action . The owner must also be able to demonstrate not only the consent but also the existence of the aforementioned requirements .It is intuitive to understand that the greater attention with which the GDPR looks at the methods of requesting and providing consent is destined to have a greater impact for those companies that operate (and request and obtain consent) only online .The specifications introduced by the GDPR make it appropriate for companies to verify that consents to processing already in place meet the new requirements . Otherwise, it will be necessary for companies to request new consents by May 25, 2018.Regulation informationThe European legislator has also redefined - by detailing it - the mandatory content of the information which , at the time of




collecting consent, the owner must provide to the interested parties in writing (also in electronic format), in a concise, transparent, intelligible and easily accessible form, as well as in simple and clear language.Still regarding the methods with which the owner must inform interested parties at the time of data collection , the GDPR admits, institutionalizing it, the use of standardized icons that represent the contents of the information in summary form . These icons (which will be defined by the European Commission) can only be used in combination with the information itself and, if presented electronically, must be accessible from any device.In light of the innovations introduced, it is advisable for data controllers to verify the compliance of the information currently used with all the criteria introduced by the new legislation in order to adapt them, if necessary, by the deadline of May 25th.