Consent means that individuals are offered real choice and control over their own personal data.
Consent is a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the people data agreement to the processing of the personal data.
Asking for Consent
Consent requires a very clear and specific statement with an explicit opt-in, so pre-checked boxes or other default pre-selected consent methods are illegal.
If the consent includes different purposes or several processing types a separate consent must be asked for each of them.
The statement of why the data is being gathered and what will be done with it must be clearly stated and based on the most appropriate lawful basis for processing.
Therefore, when an individual gives consent, it must be clear for all parts involved what is the consent about.
Public authorities and employers should take extra care to show that consent is freely given, and should avoid over-reliance on consent.
Children merit specific protection with regard to their personal data. Special attention must be give for purposes such as marketing, user profiles and the collection of personal data when using services offered directly to a child.
Ocasional exceptions exist in the context of preventive or counselling services offered directly to a child.
See Article 8 for details.
Because consent is auditable, it is necessary to keep records of when, how and what has the individual has given consent to.
Individuals can manage the consent, including withdraw the consent at any given time.
It should be easy for people to withdraw the consent and that should be stated when asking for consent.
Genuine consent should put individuals in charge, building customer trust and engagement which will enhance your reputation.
Need Help with GDPR?
Get in touch with us if you need help on the subject.