Answer:Consent.
Step-by-step explanation:
GDPR requires any organization processing personal data to have a valid legal basis for that processing activity. The law provides six legal bases for processing: consent, performance of a contract, a legitimate interest, a vital interest, a legal requirement, and a public interest. If the data subject, a.k.a. natural person, consents to processing without knowing the (several) purpose(s) in full and in an easy to understand way, then consent is not a legal ground for processing as it's by definition not freely given, specific, informed and unambiguous. Moreover, consent cannot be bundled. Consent needs to be an unambiguous indication. Consent is an act: it needs to be given by a statement or by a clear act. Consent needs to be distinguishable from other matters. The request for consent needs to be in clear and plain language, intelligible and easily accessible.