What should a company ensure to be GDPR compliant?

To be compliant with the General Data Protection Regulation (GDPR), a company must ensure that it obtains explicit consent for data processing. This regulation places a strong emphasis on protecting individuals' personal data and privacy rights. Obtaining explicit consent means that companies need to clearly inform individuals about what their data will be used for, how it will be processed, and ensure that individuals agree to this in a clear and affirmative manner. This includes being transparent about the purposes for data collection, as well as providing individuals the opportunity to withdraw their consent at any time.

This requirement is fundamental to GDPR compliance, as it empowers individuals and gives them control over their personal data. The other options, while potentially relevant to a company's overall marketing strategy or operations, do not address the essential legal aspects that ensure compliance with GDPR.