Did you consent to this?

With the introduction of the General Data Protection Regulation (GDPR) marketers need to ensure what their customers are knowingly consenting to and that their strategies are fully compliant.

In terms of GDPR what does the word ‘consent’ specifically mean?

GDPR spells out in its regulation that affirmative consent is; “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

Consent must also:

  • Be explicitly obtained to cover the name, purpose and types of processing activities
  • Require a positive opt-in action
  • Be requested for in a conspicuous, easy to understand and concise manner. Clearly separated from other matters
  • Be explicitly confirmed in words
  • Have its duration reviewed and refresh consent requested when deemed appropriate

What instances require explicit consent?

  • When sensitive data is processed
  • When automated decisions are adopted and in creation of profiles
  • When international transfers are conducted

Single Opt-in or Double Opt-in?

GDPR consent requires a positive opt-in action. Silence, inactivity or pre-ticked boxes are not compliant.  However, many in the industry argue that it’s best practice to take confirmation of consent a second time (such as in a subscription process whereby after sign-up, an email address is only added after clicking through an additional email confirmation link). This double opt-in method (also known as confirmed opt-in) has the additional benefit of helping to ensure only genuine data is captured.

Should pre existing customers be asked to re-consent post-GDPR?

Not just for the sake of it, no. If data was captured with consent adhering to GPDR’s new code, then consent can assume to carry on. Should this data to be ever used in a different manner than consented to, then a new consent will need to be sought.

Opting Out

Withdrawing consent at any time should be a simple process and instructions should be provided on how to go about doing so (for example; promotional emails containing a link to opt-out).