How should you write a consent request and what information it should contain?

How should you write a consent request? Consent requests need to be prominent, concise, easy to understand and separate from any other information such as general terms and conditions. Article 7(2) says: “If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent […]

Read More…

Dealing with Children’s Data

According to the GDPR, children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerns and their rights in relation to the processing of personal data. Definition under the GDPR Any information given to, or provided in communication with, a child must be […]

Read More…

All that you need to know about lawful basis for processing data

The lawful bases for processing are set out in Article 6 of the UK GDPR. At least one of these must apply whenever you process personal data: Consent: the individual has given clear consent for you to process their personal data for a specific purpose. Contract: the processing is necessary for a contract you have with the […]

Read More…

What is valid consent?

The GDPR sets a high standard for consent, which must be unambiguous and involve a clear affirmative action (an opt-in). It specifically bans pre-ticked opt-in boxes. It also requires distinct (‘granular’) consent options for distinct processing operations. Consent should be separate from other terms and conditions and should not generally be a precondition of signing […]

Read More…