GDPR Do I need to obtain fresh consent for General Data Protection Regulation compliance?
There is lots of confusion about consent at the moment and whether we all need to be getting consent to continue to communicate with our customers, staff, potential customers, visitors to our websites and the public once the General Data Protection Regulation commence on 25 May 2018.
What do I need to do?
You need to assess how you got the individual’s details and/or consent in the first place.
If the information was in compliance with existing law (data protection law and the ePrivacy Regulations (for direct marketing electronically for example text messages and emails) and meets the criteria for GDPR then YOU DO NOT need to seek fresh consent again.
If you obtained the information in compliance with existing law but it does not meet the higher standards required by GDPR then you may need to take action. Can you demonstrate that valid consent was obtained? Did you rely on implied or presumed consent?
If you are not in compliance with existing law you may have no right to use the information at all and have no right to contact the individual to seek consent now.
Carry out an assessment:
Review your current system of obtaining information and how you record obtaining consent?
Does it meet the GDPR standards?
Consider what is your lawful basis for using the information?
Is it to fulfil a contract?
Is the processing required under a statutory obligation?
Is it one of the other six grounds?
Is consent your only lawful basis? If so, then you need consent.
It is only where you need consent to have a lawful basis that you need to check your existing consents and ascertain if it is compliant or whether you need to take action to obtain compliant consent for GDPR.
According to the European Guidance Notes issued:
“Controllers that currently process data on the basis of consent in compliance with national data protection law are not automatically required to completely refresh all existing consent relations with data subjects in preparation for the GDPR.”
If you require further guidance please contact us to organise a consultation.
The material in this article is for general information purposes only and does not constitute legal or taxation advice. Specific legal and taxation advice should be sought before acting. All information and taxation rules are subject to change without notice.
No liability whatsoever is accepted by M. McLoughlin & Co. for any action taken in reliance on the information in this article
Book an appointment Downloads Subscribe Contact Us