With the introduction of the General Data Protection Regulation (GDPR) marketers need to ensure what their customers are knowingly consenting to and that their strategies are fully compliant.
In terms of GDPR what does the word ‘consent’ specifically mean?
GDPR spells out in its regulation that affirmative consent is; “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
Consent must also:
What instances require explicit consent?
Single Opt-in or Double Opt-in?
GDPR consent requires a positive opt-in action. Silence, inactivity or pre-ticked boxes are not compliant. However, many in the industry argue that it’s best practice to take confirmation of consent a second time (such as in a subscription process whereby after sign-up, an email address is only added after clicking through an additional email confirmation link). This double opt-in method (also known as confirmed opt-in) has the additional benefit of helping to ensure only genuine data is captured.
Should pre existing customers be asked to re-consent post-GDPR?
Not just for the sake of it, no. If data was captured with consent adhering to GPDR’s new code, then consent can assume to carry on. Should this data to be ever used in a different manner than consented to, then a new consent will need to be sought.
Withdrawing consent at any time should be a simple process and instructions should be provided on how to go about doing so (for example; promotional emails containing a link to opt-out).