OneTrust Certified Privacy Professional Practice Exam 2025 - Free Privacy Professional Practice Questions and Study Guide

Under the General Data Protection Regulation (GDPR), one of the key requirements for data consent is that it must be clearly stated and documented. This means that individuals must provide explicit permission for their personal data to be processed, and this consent must be given in a clear and understandable manner. The individual must be informed about what they are consenting to, including the specific purposes for which their data will be used.

Additionally, organizations are required to keep records of that consent to demonstrate compliance with GDPR. This documentation serves as proof that consent was obtained appropriately, helping to ensure accountability and transparency in data handling practices. Clear communication is essential to ensure that individuals fully understand what they are consenting to, which builds trust and aligns with the principles of data protection.

Consent cannot be vague or ambiguous, which is why the other options do not align with GDPR's requirements. Inferred consent or consent based solely on behavior does not meet the standards, as it lacks the clarity and explicitness needed. Furthermore, while under certain circumstances parental consent is necessary for processing the data of minors, it is not a blanket requirement for all data consent under GDPR; adults must also provide clear consent for their own data.