As we’re sure you are all aware, we are only a couple of weeks away from GDPR coming into effect and we've had a number of enquiries from members around the new rules. If you're still unsure whether you are taking the right steps, the ICO website is a great place to visit for advice and guidance. In fact, there is an easy-to-follow questionnaire and 8-step plan for you to follow.
Of all the advice given out so far, one of the most important lines I’ve found is highlighted in yellow below:
“The GDPR sets a high standard for consent, but the biggest change is what this means in practice for your consent mechanisms.
The GDPR is clearer that an indication of consent must be unambiguous and involve a clear affirmative action (an opt-in). It specifically bans pre-ticked opt-in boxes. It also requires distinct (‘granular’) consent options for distinct processing operations. Consent should be separate from other terms and conditions and should not generally be a precondition of signing up to a service.
You must keep clear records to demonstrate consent.
The GDPR gives a specific right to withdraw consent. You need to tell people about their right to withdraw, and offer them easy ways to withdraw consent at any time.
Public authorities, employers and other organisations in a position of power may find it more difficult to show valid freely given consent.
You need to review existing consents and your consent mechanisms to check they meet the GDPR standard. If they do, there is no need to obtain fresh consent.”
Essentially, as long as you can show that consent has been given to use the data for the purpose you are using it for, there is no need to ask the individual to re-consent.
Should you have any questions, please just drop us a line and we'll do our best to find out the answer for you.