Share

2 min read

Writen by Zlatko Delev

Posted on: April 8, 2021

What is valid consent?

The GDPR sets a high standard for consent, which must be unambiguous and involve a clear affirmative action (an opt-in).

It specifically bans pre-ticked opt-in boxes. It also requires distinct (‘granular’) consent options for distinct processing operations. Consent should be separate from other terms and conditions and should not generally be a precondition of signing up to a service.

Consent must be freely given; this means giving people genuine ongoing choice and control over how you use their data.

Consent should be obvious and require a positive action to opt in. Consent requests must be prominent, unbundled from other terms and conditions, concise and easy to understand, and user-friendly.

Consent must specifically cover the controller’s name, the purposes of the processing and the types of processing activity.

Explicit consent must be expressly confirmed in words, rather than by any other positive action.

There is no set time limit for consent. How long it lasts will depend on the context. You should review and refresh consent as appropriate.

Make your consent request prominent, concise, separate from other terms and conditions, and easy to understand. Include:

  • the name of your organisation;
  • the name of any third party controllers who will rely on the consent;
  • why you want the data;
  • what you will do with it; and
  • that individuals can withdraw consent at any time

Keep records to evidence consent – who consented, when, how, and what they were told.

Make it easy for people to withdraw consent at any time they choose. Consider using preference-management tools.

Keep consents under review and refresh them if anything changes. Build regular consent reviews into your business processes.

Recent blogs

Guidance for the use of personal data in political campaigning

Introduction It is vital in any democratic society that political parties and campaigners are ab

GDPR Regulations for CCTV , Photography and Video equipment and drones.

CCTV In general, CCTV is directed at viewing and/or recording the activities of individuals. The

Transferring personal data by USB device

USB devices offer a convenient way to transfer data between two computers. However, their small phy

Get Your Account Now

Setup in just 5 minutes. Enter your company details and choose the EU Representative services you need.

Give Us a Call

Not sure whether EU Representative applies to you or which option to choose? Call, email, chat to us anytime.

06 GDPR INFO

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.