Sunday, 27 May 2018
How-to: Gaining consent under GDPR (Part II)
Five principles of consent in the GDPR
Our last post covered the definition of consent under GDPR; looking at the practical aspects of consent under the new regulations, there are five principles of consent in the GDPR which the ICO highlights as key changes:
Consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless it is necessary for that service.
Pre-ticked opt-in boxes on consent forms are invalid – use unticked opt-in boxes or similar active opt-in methods, such as a binary choice where both options have equal prominence.
Provide granular options to consent separately for different channels (phone, email, SMS, direct mail) for contact.
You need to name your organisation and any third parties who will be relying on consent. Citing broad categories of third-party organisations, such as 'local authorities' or 'sports governing bodies', is no longer acceptable under the GDPR.
Easy to withdraw
You need not only to tell people they have the right to withdraw their consent at any time, but also how to do this. It must be as easy to withdraw consent as it was to give, which means having a simple and effective withdrawal process. It must be live alongside your consents process, not 'coming soon'.
Next up, how to put these into practice on your consent forms. RC
Image credit: National Capitol Columns - Washington, D.C. By AgnosticPreachersKid [CC BY-SA 3.0], from Wikimedia Commons