Gaining Explicit Consent – Why it matters
The General Data Protection Regulation (“GDPR“) will come into effect two years after it is published in the Official Journal of the EU. This means that all companies must be in full compliance with the GDPR by May 2018. Gaining consent is a key issue if companies do not want to fall foul of the new GDPR regulations.
What does gaining consent mean?
If you rely on a data subject’s consent to process their data, they must freely give specific, informed and unambiguous consent. Where a data controller collects personal data for one specific purpose, the GDPR requires that data subjects give additional consent for each additional processing operation.
What can you do to prepare?
Companies that act as controllers need to ensure that they have a lawful basis for all of their data processing activities. To the extent that any company relies on consent as the lawful basis for any of its processing activities, it should review any consent mechanisms it has in place, to ensure that:
- Data subjects are provided with a clear explanation of the processing to which they are consenting;
- The consent mechanism is genuinely of a voluntary and “opt-in” nature;
- data subjects are permitted to withdraw their consent easily;
the organisation does not rely on silence or inactivity to collect consent (e.g., pre‑ticked boxes do not constitute valid consent);
and wherever the organisation relies on the consent of EU employees as a lawful basis for processing personal data, the organisation should consider whether such consent is really freely given.
How can we help
- GDPR Compliant from First Contact
Collecting your new customer or employee data using PlanetVerify allows you to communicate in a transparent way your legal intentions and obligations with regarding the processing their data via a simple outbound request to your customer.
- Acting Transparently and maintaining records
Our system allows you to maintain an auditable data trail of how you manage (and obtained) customer consent to process their data.
- Comply with New Employee and Customer Rights
The system gives you the ability to automatically delete (purge) full or partial customer records in accordance with GDPR and your own internal compliance rules.
You can easily and efficiently rapidly respond to consumer and employee requests to access, port or erase their data direct from the platform.
- Managing Legacy Database Consent
Clients also use PlanetVerify to gain explicit consent from legacy customer databases via our batch request feature.
Talk to us today about how our solution allows you to manage your GDPR customer consent requirements today. Book a Demo here
The content of this article is provided for information purposes only and does not constitute legal or other advice.