PRIV-05—Personal Information Notice and Consent: Additional Processing Activities
>Control Description
Where appropriate, Organization obtains individual consent for processing activities for which consent has not been previously obtained.
Theme
Process
Type
Preventive
Policy/Standard
Data Management Policy>Implementation Guidance
1. Ensure that consent is obtained for processing user data. 2. Ensure that any change in processing activities is followed by an update of consent.
>Testing Procedure
1. Inspect Data Protection Policy and procedure documents to determine whether organization obtains individual consent for processing activities for which consent has not been previously obtained.
>Audit Artifacts
E-PRIV-04
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
Ask AI
Configure your API key to use AI features.