Under GDPR, consent must be freely given and unambiguous, and you must be able to show a positive opt-in.
As an organisation, you should review how you obtain and record consent and whether you need to make any changes under GDPR. At all times the customer must be aware of what they are consenting to, i.e. how their personal data is going to be processed and the reasons it is being done. They must be left in no doubt as to what they are consenting to.
For consent to be freely given there must be a positive indication; consent cannot be inferred from ‘silence’. Just because they didn’t say NO, it doesn’t mean YES!
Are all of your consented records GDPR compliant? Now is the time to check and, if they are found lacking, now is the time to amend!
Consent needs to be verifiable. You must inform individuals of their right to withdraw consent at any time, and as a data controller you must be able to prove that consent to a specific processing activity has been given freely and in a positive manner.
As a data controller you need to have an effective audit trail.
In conclusion, if you are relying on consent as your legal basis for processing:
- It needs to be an affirmative action
- It needs to be clear and unambiguous
- The individual needs to be made aware that they can withdraw consent at any time
- There needs to be an easy way to withdraw consent
- Consent is specific and separate consents need to be obtained for each purpose
- Consent needs to be freely given
- It needs to be informed