* JORDI PALET MARTINEZ > I don't know it by memory
Huh. In that case, what do you base your claims about what the GDPR requires on, exactly? > 1) Before 25 May 2018, every EU citizen or resident must get a confirmation > from any database holder with his personal data, to re-confirm the > authorization. Not true. Assuming the lawful grounds for processing is «consent» pursuant to article 6(1)(a) GDPR, and consent was given prior to 25th of May 2018 in a way that satisfies the requirements for consent pursuant to article 7 GDPR, then there is no need to ask the data subject to «re-confirm». The process of subscribing to a mailing list does to me seem to constitute valid consent. It would also be possible to instead the lawful grounds «necessary for the performance of a contract» pursuant to article 6(1)(b) GDPR, in which case valid consent is not required. The lack of a privacy statement is likely a bigger problem as far as GDPR compliance is concerned. > 2) Right to object. Art. 59, but also many others. It is not probably clearly > said that it must be in a footer but it must be clearly available how to. It is most definitively not mentioned in the article 59 GDPR because that article about annual activity reports issued by the supervisory authorities, so that one totally irrelevant here. You are right that there is a right to object (article 21 GDPR). However that has absolutely nothing to say about mailing list footers either. Tore
