This article is part of a series of articles considering the General Data Protection Regulation (EU 2016/679) which comes into effect on 25 May 2018.
Where it is necessary to obtain consent to process an individual's personal data the General Data Protection Regulation (EU 2016/679) (GDPR) has set the bar high.
Consent needs to be "freely given, specific, informed and unambiguous" (Art 4(11)). Here are some common mistakes:
- Using pre-ticked boxes – Consent should require a positive step, ie to physically tick a box.
- Hiding a request for consent in your general Terms and Conditions.
- Making consent a precondition for providing a service; unless it is necessary in order to provide that service this should be avoided.
We can advise you on all aspects of the GDPR and how it is likely to affect your business. For further assistance or advice, please contact Elizabeth de Cruz at firstname.lastname@example.org.