09 January 2018 #Data Protection
Under current rules for data protection, businesses are allowed to implement “opt-out” and pre-checked boxes when it comes to obtaining an individual’s consent to collecting and using personal data. However, under the new General Data Protection Regulation (GDPR), these methods mentioned above are not valid forms of consent, and that only a clear affirmative action by an individual shall constitute as consent.
What can you do to obtain “Valid Consent”?
It should be remembered that the time limit for any given consent is undefined, and dependent on the context. Therefore, regular consent reviews should be conducted into business processes to ensure full compliance.
In order to assist businesses in transitioning their practices to comply with the GDPR, the Information Commissioner’s Office has issued guidance on consent, which can be found here. With just under five months to go, now would be the perfect time to review your practices and contact us if you need any help with implementing changes.
Article written by Brian Cheng, Paralegal at Clarkslegal LLP