R311. Demonstrate user consent

Requirement

The system must establish a mechanism that can be used to demonstrate that users have granted their consent to the collection of their data.

Description

Systems usually request information from their users or collect it based on their interactions with the application. Regulations demand that no such collection occur without the user's consent and that this consent be demonstrable afterwards. Therefore, the system must have a mechanism that can be used to demonstrate that consent was granted.

References

  1. GDPR. Art. 7: Conditions for consent (1). Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.

  2. ISO 27001:2013. Annex A - 18.1.4. When applicable, guarantee the privacy and security of personal information, as required by the relevant legislation and regulations.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.
