The General Data Protection Regulation (GDPR) has been a hot topic for businesses throughout the UK, Europe and beyond over the last year. The legislation seeks to give citizens greater control over their information and protect personal data. It also introduces a number of new responsibilities for both data controllers and data processors. In the third of our series of GDPR blogs we take a look at one of the biggies: consent.
To put it simply, your business may need to make quite a few alterations to your everyday processes and practices to ensure you’re compliant with the Regulation ahead of the 25th May 2018 deadline, and changes to how you acquire consent to collect and use data are amongst the most significant.
The GDPR makes it very clear that consent is not a matter to be trifled with. Failing to comply with the Regulation’s standards could result in a maximum fine of £17.25m or 4% of your organisation’s global annual turnover, whichever is greater. Not an ideal scenario to find yourself in when it can so easily be avoided. Well, as easily avoided as can be when it’s part of a whopping great legal document created by the European Union.
Let’s take a look at some of the changes to consent introduced by the Regulation:
- Consent must be given by the individual. That means saying goodbye to all those pre-ticked boxes. You need to explain what you want to use the data for and get their ‘explicit consent’.
- Whether you’re a data controller or data processor (that’s companies like us, UKFast, that store your data), you must always record how consent to use the data was given, who from, when, how and what the interested parties had been
- You mustn’t bundle your consent requests in with your standard terms and conditions. You must be open, honest and clear about exactly what you want to do with the individual’s information. Essentially, the control should always be with the data subject.
This little snippet just about scratches the surface of what you will need to do to comply with the new standards for consent under the GDPR. There is a lot more to know and lots more to do before the deadline in a little over a year’s time.
If we’ve whetted your appetite for more GDPR compliance guidance, download our whitepaper, ‘GDPR is Around the Corner: Are You Ready?’ via the big red button that you’re just dying to click below.