The consent of a data subject – an individual such as a customer – has so far been one of the lawful grounds for data processing. With Latvia required to fully pass the General Data Protection Regulation into its national law by May 2018, companies processing personal data will have to make an effort to ensure their data processing is lawful. This includes evaluating whether data processing by consent is done in accordance with the Regulation to avoid potentially large fines and build customer trust.