POPIA consent management

Consent is a popular legal basis for processing personal information, but it has its challenges.  Consent can only be an appropriate lawful basis if a data subject is offered control and is offered a genuine choice with regard to accepting or declining the terms offered or declining them without detriment. If the data subject’s control is ineffective, consent will be an invalid basis for processing personal information, rendering the processing activity unlawful. Before asking for consent, a responsible party has the duty to assess whether it can meet all the requirements to obtain valid consent.

It is important to note that if a responsible party chooses to rely on consent for any part of the processing, it must be prepared to respect that choice and stop that part of the processing if a data subject withdraws consent. Sending out the message that data will be processed on the basis of consent while actually some other lawful basis is relied on would be fundamentally unfair to data subjects.

It is also the responsible party who bears the burden of proof that the data subject’s or competent person’s consent has fulfilled the requirements for valid consent. Consequently, appropriate records of the process followed and the consent obtained must be maintained.The POPIA platform automates the workflow and record keeping for consent to be a valid legal basis for processing personal information.