The rules for obtaining consent are going to be more stringent than they are at present following the introduction of the General Data Protection Regulation (GDPR) on May 25.
Company owners and data protection professionals need to be conscious of the alterations that are about to be made. If this is not the case the companies could become subject to sanctions and other penalties.
How can Consent be Defined?
From May 25 is that consent needs to be transparent and the individual providing consent must perform some form of action to show that they were complete clear as regards what they were agreeing to and are happy to consent. One obvious amendment that this brings is that businesses can no longer be able to use a pre-ticked boxes when obtaining consent. It is also not advised to use a combination of pre-ticked and tick boxes, as this could cause confusion and it may invalidate the consent that a business thinks it has obtained.
Gathering Consent in line with GDPR
The one measure that a business should not carry out to obtain consent is contact a person directly. This is referred to as direct marketing and is illegal. The best manner to gather consent is to use a full explanation and a tick box. Businesses can also require clients to complete an online form or relay an email.
The most important thing to consider, for any company, is that they must be able show when and how consent was obtained, as well as who acquired it.
Most companies already adhere all of the consent GDPR requires. However, any that do not will need to make amendments or face potentially stringent punishment.