Crowell & Moring LLP

Consent is only one of the six legal grounds for processing personal data under the GDPR, but it is certainly the most well-known. While it might look safe and solid at first sight, it is becoming the weakest link of the GDPR compliance chain. First, consent can be withdrawn at any time, and the process for withdrawal must be as easy as the process for providing consent. Thus, a system built only on consent can…