pri-03-choice&consent.md

SCF - PRI-03 - Choice & Consent

Mechanisms exist to authorize the processing of their Personal Data (PD) prior to its collection that:

• Uses plain language and provide examples to illustrate the potential data privacy risks of the authorization; and
• Provides a means for users to decline the authorization.

Mapped framework controls

GDPR

• Art 12.6
• Art 14.3
• Art 6.1
• Art 7.1
• Art 7.2
• Art 7.3
• Art 7.4
• Art 8.1
• Art 8.2

ISO 27002

• A.5.33

SOC 2

• P2.0
• P2.1
• P3.2

Control questions

Does the organization authorize the processing of their Personal Data (PD) prior to its collection that:

• Uses plain language and provide examples to illustrate the potential data privacy risks of the authorization; and
• Provides a means for users to decline the authorization?