Abstract
<jats:p>Personal data is truly considered the cornerstone of the modern digital economy. However, for personal data processing to be considered lawful, it must first and foremost be carried out on an appropriate legal basis. When processing their customers' personal data, economic entities typically rely on the latter's consent. For purposes such as entering into insurance contracts, providing marketing services, or granting loans, economic entities process information about various aspects of individuals' lives with their consent. The problem, however, is that personal data protection legislation in the country is relatively new, and legal norms are often formulated not as clear directives but as standards. As a result, economic entities process their customers' personal data based on their own perceptions and entrepreneurial considerations, which makes the protection of individuals' rights and legitimate interests problematic. Considering these issues, this article aims to examine the validity requirements for consent as a legal basis for processing personal data, drawing upon both Armenian legal regulations, judicial and law enforcement practices, as well as the best existing standards in the field, particularly EU legislation.</jats:p>