With everyone talking about GDPR and our clients frequently asking us whether they are doing enough to comply we thought we ought to shed some light on one of the most prominent topics in our industry – consent.
The GDPR drastically changes what can be classified as consent and having an understanding of the new requirements will help you make the necessary changes to stay within the law through the period of change and beyond.
“Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
This will see many current practices fall into extinction, for example pre-ticked boxes, bundling extensive T&C’s and silence statements. These practices will make way for other acceptable solutions which involve individuals actively completing an action, such as ticking a box by a simple and specific statement and offering written consent.
Below we have provided you a simple checklist for ensuring you are covering all bases and being compliant in your approach to consent.
The best solution for any data processer will be to check you are compliant by this checklist and then keep a record of all data you receive, detailing who consented, when they did so, what information you gave them and how they consented to sharing their data.