Clarkslegal LLP - Solicitors in Reading and London

Legal Updates

Data protection – have you got consent to use and store personal data?

09 January 2018 #Data Protection

Under current rules for data protection, businesses are allowed to implement “opt-out” and pre-checked boxes when it comes to obtaining an individual’s consent to collecting and using personal data. However, under the new General Data Protection Regulation (GDPR), these methods mentioned above are not valid forms of consent, and that only a clear affirmative action by an individual shall constitute as consent.

What can you do to obtain “Valid Consent”?

  1. Consent must be freely given – this means giving people ongoing choice and control over how your businesses uses their data.
  2. You must clearly provide your business’s name, the reasons for collecting and storing the data, and how you propose using the data.
  3. Consent requests must be prominent, unbundled from your business’s other terms and conditions, concise and easy to understand, and user-friendly.
  4. Consent should be obvious and require a positive action to opt-in.

It should be remembered that the time limit for any given consent is undefined, and dependent on the context. Therefore, regular consent reviews should be conducted into business processes to ensure full compliance.

In order to assist businesses in transitioning their practices to comply with the GDPR, the Information Commissioner’s Office has issued guidance on consent, which can be found here. With just under five months to go, now would be the perfect time to review your practices and contact us if you need any help with implementing changes.

Article written by Brian Cheng, Paralegal  at Clarkslegal LLP

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Read more articles


Data Protection team
+44 (0)118 958 5321