Consent: Getting it right under the new rules #GDPR
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
From May 2018, the current rules under the Data Protection Act 1998 will be superseded by much stronger rules designed to tackle, in particular, huge changes in technology. The consultation will end on 31st March with the finalised guidance expected to be issued at some point in May.
Our mini-series will cover the following questions:
- What is consent?
- What does this mean for your business?
- Do we always need consent to process data?
- How do we now record and manage consent?
The GDPR introduces a higher standard for consent – one of the grounds or conditions requiring to be met to demonstrate “lawful processing,” with the aim of giving individuals genuine choice and control over how their data is used by organisations.
Under the GDPR, consent must be “freely given, specific, informed and an unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” This, essentially, spells the death knell for the opt-out box much loved by marketers and data managers.
The new rules also make the withdrawal of consent just as important for individuals as the consent itself. Whilst consent must be expressly given, there must also be mechanisms in place to allow individuals to withdraw their consent and these must be as easy to access as the consent itself.
In addition, consent is no longer allowed to be a pre-condition of signing up to a service unless necessary as this would not be full consent; and the data processor must now also name the parties who will be relying on the consent and using the data, and where possible there should be options for the individual to consent to different types of data processing.
The impact of the change of law relating to consent could be significant for your business; however as highlighted in the ICO draft guidance, consent to data processing puts the individual in control of their own data and how this is used and by enhancing procedures around consent, this helps build trust with consumers and leads to higher levels of engagement. What does this mean? Doing consent well can enhance your business reputation! Getting it wrong will erode trust, damage business reputation and could result in substantial fines in the most serious cases!
Whilst the ICO’s guidance has been much anticipated, we should not forget that consent is not the only legal basis under the GDPR for processing data, (although can be extremely important for your business where there is no other legal basis upon which to process data.)
Read Part 1: Consent: Getting it right under the new rules #GDPR – Part 1: What is Consent?
Read Part 2: Consent: Getting it right under the new rules #GDPR – Part 2: What does this mean for your business?
Read Part 3: Consent: Getting it right under the new rules #GDPR – Part 3: Do we always need consent?
Read Part 4: Consent: Getting it right under the new rules #GDPR – Part 4: Recording and managing consent
Contact our Specialist Compliance and Regulatory Lawyers
MacRoberts’ team of data protection specialists can provide expertise and advice to businesses wishing to adopt this proactive approach to compliance preparation. We pride ourselves on our diverse, resourceful and highly skilled team of compliance and regulatory solicitors, who have substantial commercial and legal experience, delivering a pragmatic and commercial approach to our clients and their businesses.
If you require advice, assistance or representation in relation to the upcoming General Data Protection Regulation obligations or any other compliance and regulatory matters, contact our team today for expert advice tailored to your needs and/or sign up to our newsletter to keep up to date with the latest GDPR news and developments