Right to withdraw consent

Among the data subject rights provided by the European General Data Protection Regulation (GDPR), the one that particularly protects users’ freedom of choice is the right to withdraw consent.
According to Article 7 of the GDPR, “The data subject shall have the right to withdraw his or her consent at any time,” and the withdrawal of consent must be “as easy as giving it.


Let’s look at a practical example.
If a user subscribed to a company newsletter decides they no longer wish to receive communications, they must be given the ability to withdraw their consent. The company must not obstruct the withdrawal in any way and should provide a simple and intuitive opt-out procedure. For example, a direct unsubscribe link can be included in each newsletter, and the same link could also be added to the online form where the subscription was collected.

If the consent withdrawal procedure is misleading and contradictory, it may lead to sanctions. This is what happened to ClickQuickNow, a company based in Warsaw, Poland, which received a fine of approximately €47,000 from the Polish Supervisory Authority for obstructing the exercise of the right to withdraw consent.

The Authority collected complaints from several users who, when attempting to withdraw consent, encountered a procedure with contradictory messages and unclear indications that effectively prevented them from proceeding and completing the process.
The monetary fine was accompanied by an order to comply with GDPR provisions within 14 days and to delete the personal data of users who requested the cessation of the processing of their personal data.

When user personal data and consents for various purposes are distributed across multiple systems, software, and non-centralized databases, responding to data subject rights becomes very complex, especially in cases of withdrawal or limitation of consent. The risk of delay or an incomplete response to users can cause an internal crisis that affects both the financial aspect, with GDPR fines, and the reputational aspect, causing significant damage to the company’s image.

For this reason, it is important for companies to consider solutions for centralized and compliant management of consents and to establish procedures to respond to data subject rights within the 30-day period stipulated by the GDPR.

Trust Guardian’s approach to the right to withdraw consent
Trust Guardian can help your company manage consents in a compliant and centralized manner and provide solid support in fulfilling users’ rights in a timely way, offering the following tools to track and respond to data subject rights requests promptly:

  • Centralized consent registry
  • myPrivacy: a self-service area for your customers to manage and modify consents
  • Black box with the Privacy History for each data subject
  • Web interface for data subjects to exercise their rights
  • Centralized registry for DPO/Legal to manage data subject rights requests

Legal, ICT, marketing: comprendiamo le tue necessità

Vogliamo sollevarti dai grattacapi nella gestione di consensi e privacy dei clienti.

legal1 legal2

Come DPO, Legal & Compliance voglio gestire le contestazioni e recuperare prove e fatti
ict1 ict2

Come ICT voglio mettere ordine nei flussi di gestione della privacy dei clienti
marketer1 marketer2

Come Marketer voglio lavorare in tranquillità e sicurezza

Trust Guardian è perfetto per diversi casi d’uso

Ecommerce basket

Solutions for trade shows and events
Fidelity card

Solutions for Loyalty Cards
Stand

Solutions for Marketers
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.