IAPP Certified Information Privacy Professional/Europe (CIPP/E) Practice Test 2025 - Free CIPP/E Practice Questions and Study Guide

Consent is not needed for direct marketing when the individual has previously purchased goods or services from the organization, as long as the marketing directly relates to similar goods or services. This is known as the "soft opt-in" rule under GDPR, which allows for the use of existing customer data for marketing purposes without prior consent, provided that the individual was given the option to opt-out at the time their data was collected and each subsequent communication.

In this context, the reasoning behind the other options lies in the specific legal bases outlined within GDPR. Relying solely on public data does not automatically allow direct marketing without consent since the use of personal data must still adhere to GDPR principles. Conducting market research typically requires explicit consent from individuals, as it may involve personal data processing that goes beyond the limits of what is permitted without consent. For non-profit organizations, while there may be some flexibility in certain contexts, the rules still require careful adherence to GDPR's provisions regarding data processing and consent, particularly when marketing activities are involved.