Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

Do You Really Have Consent?

Tagged with gdpr, ico, data, free, freeadvice, gdprtemplate, easygdpr
by Adam Brogden
in Blog

12-Sep-2018 10:42

By now, most people know that consent is not the only lawful basis for storing and processing data. However, it is one of my favourites! If you have documented, provable, absolute consent then you can market appropriate content to that person with very little risk. Don’t forget to remove their details if they ask and think carefully about using data that is perhaps a little too old [you know what I mean].

So, be honest, if you received a SAR or complaint could you actually provide a record of the consent that you are claiming? Consent has to be given freely, explicit, granular, related to your company, current, and have not been withdrawn. Just think:

  1. Where did you collect their consent?

  2. Have you still got the opt-in details and are these enough to prove the opt-in is genuine?

  3. Exactly what did the page say, offer or promise?

  4. Was there a privacy statement in place? This is a big one!

  5. Have you removed people that have asked to be removed?

  6. Are you totally sure you have documented evidence to support this?

  7. Most importantly, did you buy the data or collect it yourself?

Think about this carefully. It’s all well and good to be confident now, but will you be quite so confident when you get that SAR request through the door (google nightmare SAR for more info)? Will you be quite so confident if you get an ICO enforcement notice? I think not!

Consent is one of the safest options if it is genuine and you have managed carefully. Don’t rely on consent if you don’t really have it. It will end in tears!

Good luck all!