# Consent (legal basis)

Under the [GDPR](https://docs.assenteo.com/dictionary/gdpr), [PII](https://docs.assenteo.com/dictionary/pii) can only be collected and/or processed under a ‘legal basis’ (or simply, only if there is a reasoning for the processing).&#x20;

A [Processor](https://docs.assenteo.com/dictionary/data-processor) or [Controller](https://docs.assenteo.com/dictionary/data-controller) can rely on gaining the customer’s consent as a reasoning for data processing.&#x20;

For consent to be compliant, it must be:

* Freely given by the individual;
* Specific of what PII will be processed, how and why;&#x20;
* Communicated to the individual so they understand what, how and why PII will be processed (informed); and,
* A clear approval (an unambiguous indication of an individual's agreement) to the processing of their PII.

<br>

<br>