What is First and Second Layer Consent? Avoid Unnecessary Fines

We explain in simple terms how to comply with the obligation to inform on two levels and avoid common mistakes when collecting personal data.
Adriana
July 7, 2025

When collecting personal data—whether through forms, contracts, or apps—data protection regulations require us to inform individuals transparently. To achieve this, the General Data Protection Regulation (GDPR) introduces a layered information approach, making it easier for users to understand what happens to their data without being overwhelmed.

What is layered information?

The layered model involves providing information on two levels:

First Layer:
This is the most essential information, presented briefly and directly at the exact moment data is collected.

It includes:

  • Who is responsible for processing the data
  • The main purpose
  • The legal basis (consent, contract, legal obligation, etc.)
  • The individual’s rights
  • A link or direction to consult the second layer

The goal is to ensure users don’t have to read endless legal paragraphs and can clearly decide whether to give their consent or not.

Second Layer:
This includes the full, detailed information required by the regulation.

It includes:

  • Full identity and contact details of the data controller
  • All purposes of processing and their legal bases
  • Possible data sharing with third parties
  • International data transfers
  • Data retention periods
  • Extended rights and how to exercise them
  • Possibility of filing a complaint with the supervisory authority

This second layer is usually hosted in the website’s privacy policy or in a document that is easily accessible.

Why is the layer consent so important?

Because it ensures transparency and respects the user’s autonomy. If we only provided full information in a long block of legal text, most people wouldn’t read or understand it.

Layered information helps users understand, builds trust, and is also a direct requirement of the GDPR (transparency principle, Article 12).

Benefits of the layered model

  • Makes information easier to understand
  • Ensures consent is truly free and informed
  • Strengthens user trust
  • Helps comply with the law and avoid fines

Conclusion

Using layered information is not just a legal formality—it’s a best practice that shows commitment to privacy and respect for individuals.
Remember: a clear and brief first layer, and a complete and accessible second layer. That way, your data processing will be transparent, lawful, and responsible.

Want to check if your information texts comply with the GDPR? At Lawwwing, we can help. Contact us!

In this article
How can we help you?
If you have any questions, our specialists are here to assist you whenever you need it.
Live Chat
Share this article
Blog

Related Articles

Businesses trust Lawwwing to ensure their legal compliance, keeping their documents up-to-date and avoiding penalties.
cross