Proof

# Proof


The controller is subject to a duty of proof and accountability. They are responsible for compliance with the principles of processing personal data and must be able to prove this.
If the processing is based on consent, the controller must also be able to prove this. Otherwise, consent is deemed not to have been effectively given.
Appropriate technical and organisational measures shall be implemented to ensure and prove that the processing complies with the GDPR. The type of proof is not specified, but text forms and electronic documentation offer the greatest legal certainty.
The obligation to provide evidence can only be fulfilled by documentation or a data management system, which must be kept for at least three years.


## Based On
[Art. 5 Para. 2](https://gdpr.eu/article-5-how-to-process-personal-data/)
[Art. 6 Para. 1 lit. a](https://gdpr.eu/article-6-how-to-process-personal-data-legally/)
[Art. 7 Para. 1](https://gdpr.eu/article-7-how-to-get-consent-to-collect-personal-data/)
[Art. 24. Para. 1](https://gdpr.eu/article-24-responsibility-of-the-data-controller/)
[Comm. Art. 5 Rn. 37-39]()
[Comm. Art. 7 Rn. 89-91]()


## References
[Consent](https://gdpr.eu/article-7-how-to-get-consent-to-collect-personal-data/)
[Principles Relating to Processing]()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Proof #16

Proof

Based On

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Proof #16

Description

Proof

Based On

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions