Gaining Explicit Consent – Why it matters

The General Data Protection Regulation (“GDPR“) will come into effect two years after it is published in the Official Journal of the EU. This means that all companies must be in full compliance with the GDPR by May 2018. Gaining consent is a key issue if companies do not want to fall foul of the new GDPR regulations.

What does gaining consent mean?

If you rely on a data subject’s consent to process their data, they must freely give specific, informed and unambiguous consent. Where a data controller collects personal data for one specific purpose, the GDPR requires that data subjects give additional consent for each additional processing operation.

What can you do to prepare?

Companies that act as controllers need to ensure that they have a lawful basis for all of their data processing activities. To the extent that any company relies on consent as the lawful basis for any of its processing activities, it should review any consent mechanisms it has in place, to ensure that:

  1. Data subjects are provided with a clear explanation of the processing to which they are consenting;
  2. The consent mechanism is genuinely of a voluntary and “opt-in” nature; …
    …- data subjects are permitted to withdraw their consent easily;
    ……the organisation does not rely on silence or inactivity to collect consent (e.g., pre‑ticked boxes do not constitute valid consent);
    and ……wherever the organisation relies on the consent of EU employees as a lawful basis for processing personal data, the organisation should consider whether such consent is really freely given.

How can we helpGDPR Planet Verify

  • GDPR Compliant from First Contact

Collecting your new customer or employee data using PlanetVerify allows you to communicate in a transparent way your legal intentions and obligations with regarding  the processing their data via a simple outbound request to your customer.

  • Acting Transparently and maintaining records

Our system allows you to maintain an  auditable data trail of how you manage (and obtained) customer consent to process their data.

  • Comply with New Employee and Customer Rights

The system gives you the ability to automatically delete (purge) full or partial customer records in accordance with GDPR and your own internal compliance rules.

You can easily and efficiently rapidly respond to consumer and employee requests to access, port or erase their data direct from the platform.

  • Managing Legacy Database Consent

Clients also use PlanetVerify to gain explicit consent from legacy customer databases via our batch request feature.

Talk to us today about how our solution allows you to manage your GDPR customer consent requirements today.  Book a Demo here

 

The content of this article is provided for information purposes only and does not constitute legal or other advice.

 

 

Leave a comment