Your go-to free AI courses? (Anonymous post 🤫)
Ocean King
Admin, Ops, IT & Finance
A CharityConnect User Posted 7 years ago
How do the General Data Protection Regulations (GDPR) define consent?
Having the consent to hold and use data is a fundamental part of the General Data Protection Regulations (GDPR). The ICO have put together a helpful list detailing the requirements that meet the GDPR standard on customer consent.
- Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build customer trust and engagement, and enhance your reputation.
- Check your consent practices and your existing consents. Refresh your consents if they don’t meet the GDPR standard.
- Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
- Explicit consent requires a very clear and specific statement of consent.
- Keep your consent requests separate from other terms and conditions.
- Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.
- Be clear and concise.
- Name any third party controllers who will rely on the consent.
- Make it easy for people to withdraw consent and tell them how.
- Keep evidence of consent – who, when, how, and what you told people.
- Keep consent under review, and refresh it if anything changes.
- Avoid making consent to processing a precondition of a service.
- Public authorities and employers will need to take extra care to show that consent is freely given and should avoid over-reliance on consent.
Do you need to undertake a re-permissioning campaign?
W8 Data forecasted that as of May 2018 75% of marketing data will become obsolete in the UK. Dave Lee, Director of W8 Data, said:
"What is crucial moving forwards is that the opted-in data is quality-checked and well maintained, otherwise it risks becoming non-compliant and unusable. The fact that two-thirds of organisations are currently failing to regularly review their data speaks volumes, and under GDPR is something that is going to have to change."
When deciding if you need to start re-permissioning the data you hold, the main question to ask yourself is point 10 - how, where and when did you obtain consent?
Any data that has been obtained without consent means you do NOT have permission to re-permission, doing so could mean breaking current DPA and PECR rules. Wetherspoons decided to mitigate this risk by ‘simply’ deleting their entire mailing list to start from scratch as GDPR compliant!
Although Wetherspoons actions may seem drastic, the consequences of breaking current DPA and PECR rules can seriously affect an Organisation. For example, Goody Market UK Ltd was recently fined £40,000 after they failed to ensure that texts were sent to individuals who had consented to receive marketing messages.
If you’re holding data that was provided to you freely by The Subject* but is not compliant to the GDPR, then it is necessary to initiate a re-permissioning campaign NOW.
If a *Data Subject has given consent to receive updates on a product or service they’ve purchased from an Organisation, then that Organisation cannot contact them about a competition for example (or for any reason other than the permission the Data Subject gave).
*The Subject, also known as the Data Subject refers to the individual that you are holding personal data on.
Best practice on obtaining, recorded and managing consent
Make your consent request prominent, concise, separate from other terms and conditions, and easy to understand. Include:
- the name of your organisation;
- the name of any third party controllers who will rely on the consent;
- why you want the data;
- what you will do with it; and
- that individuals can withdraw consent at any time.
Required consent must be granular; separate permissions must be acquired for permission to send different marketing materials.
Keep records to evidence consent – who consented, when, how, and what they were told.
Re-Permissioning and evidencing your data can be a POSITIVE thing for your Organisation! For example, your email marketing campaigns will be better targeted and therefore the success of your results will be reflective of that. Noone wants to be sent to the junk folder!
No responses yet. Be the first to reply!
{{ctrlComment.postTotalComments}} responses
Load more responses