Saying "We Have Consent" Is Not Enough cover art

Saying "We Have Consent" Is Not Enough

Saying "We Have Consent" Is Not Enough

Listen for free

View show details

About this listen

In this episode of Compliance Technologies, we continue our series on GDPR fines by unpacking one of the most commonly misunderstood topics in data protection: lawful basis and consent.

GDPR requires that every instance of personal data processing have a clear and appropriate lawful basis. While consent is often treated as a default justification, it is also one of the most fragile, especially when systems cannot properly handle withdrawal, purpose changes, or downstream data use.

We explore why "we have consent" is often not enough, how organizations misuse consent when other lawful bases may be more appropriate, and why lawful basis should be treated as a system-level design constraint, not just a legal checkbox.

This episode reframes lawful basis as something systems must actively enforce, track, and respect over time.

If you build, operate, or oversee systems that process personal data, this conversation will help you understand where compliance claims often break down, even when intentions are good.
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.