One Key Aspect of the GDPR is Getting Consent
The General Data Protection Regulation (GDPR) is European Union legislation that began to be enforced on May 25, 2018. Its aim is to strengthen the rights of data subjects within the European Union (EU) and European Economic Area (EEA) with regard to how their personal data is used and how it’s protected. (‘Personal data’ means any information that relates to an identified or identifiable natural person). This article will focus on GDPR consent.
Six Key GDPR Principles
To that end, the GDPR is structured around six key principles (detailed in Article 5 of the legislation):
- Transparency on how data will be used and what it will be used for.
- Ensuring that the data collected is used only for the purposes explicitly specified at the time of collection.
- Limiting the data collection to what is necessary to serve the purpose for which it is collected.
- Ensuring the data is accurate.
- Storing the data for only as long as necessary within its intended purpose.
- Prevention against unauthorized use or accidental loss of the data through the deployment of appropriate security measures.
One key aspect of the GDPR where Marketing needs to review past, current, and future practices is consent. Later in this article we’ll give you a checklist of seven key areas to address regarding GDPR consent.
What is GDPR Consent?
The definition of GDPR consent is: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
This dual need for an ‘affirmative action’ that captures GDPR consent, which also must be ‘specific’ in how the personal data will be used before any processing of the data, represents a significant change for most marketers in how they record and respect customer preferences.
Also, customer preferences change over time and rarely exist in perpetuity. GDPR consent guidelines have something to say about this too—namely that organizations, specifically marketing, must make it easy for data subjects to make any changes in preference or withdraw consent altogether.
Consequently, all marketers need to audit, identify, and review the current points at which they are collecting personal data for processing.
Here is a Checklist of Seven Key Areas to Address Regarding GDPR Consent:
- You must make consent easy for customers to change, or withdraw it altogether by making subscription preferences easy to find and global unsubscribe a one-click preference.
- Consent must be freely given, no deception or coercion.
- Consent is a one-time non-editable event.
- You cannot change consent without asking.
- You cannot change refusal of consent.
- And, you can ask for new consent or different consent.
- Consent must be a positive action.
- Consent must be affirmative and specific in how the personal data will be used.
- Also, consent must be a click or checkbox …. “Yes, I agree” or an actual signature.
- Absence of action is not consent.
- Furthermore, we highly recommend double opt-in for subscriptions.
- You are allowed to send non-consensual communications when they are specific to:
- A transaction that requires confirmation or notice such as eCommerce order notifications.
- A communication that is required as means to complete a contractual obligation on part of the user or organization.
- A communication that is required by a specific membership or operational model where said model is clearly stated in a terms of service (e.g. operational emails to a franchise owner).
Follow the Guidance to Comply with GDPR Consent Requirements
In conclusion, following the guidance above will ensure you are complying with GDPR consent requirements. Furthermore, it will also create good will with your customers. Privacy concerns are headlines in the news every day. You can ensure your customers they can trust you by following the consent procedures we’ve discussed. Happy consenting!
Which countries are included in GDPR compliance? Learn more here.
Did you know our GDPR experts can help you with GDPR Consent? Contact us today.