ico.org.uk has published a good article about giving “consent” for newsletter subscriptions under the new GDPR. At a glance:

  • The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.
  • Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build customer trust and engagement, and enhance your reputation.
  • Check your consent practices and your existing consents. Refresh your consents if they don’t meet the GDPR standard.
  • Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
  • Explicit consent requires a very clear and specific statement of consent.
  • Keep your consent requests separate from other terms and conditions.
  • Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.
  • Be clear and concise.
  • Name any third party controllers who will rely on the consent.
  • Make it easy for people to withdraw consent and tell them how.
  • Keep evidence of consent – who, when, how, and what you told people.
  • Keep consent under review, and refresh it if anything changes.
  • Avoid making consent to processing a precondition of a service.
  • Public authorities and employers will need to take extra care to show that consent is freely given, and should avoid over-reliance on consent.

The article covers asking for consent, recording consent and managing consent in more detail. See the full article here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/

