Skip to the content

GDPR: What Does Consent Mean?

In the world of General Data Protection Regulation (GDPR) our “consent” will be a major focus and understanding what is meant by consent will be important for all of us as individuals and for the organisations that we work for and connected with. So what Does Consent Mean?

The Oxford English Dictionary defines consent as: Noun: Permission for something to happen or agreement to do something. Verb: Give permission for something to happen.

The upcoming GDPR (May 2018] brings along with it an even more granular definition that will mean that it is imperative for organisations to really understand what consent means when considered in conjunction with collecting, storing and processing personal data. Confused? Please bear with me.

In May 2018 there will be the legal requirement to go through rigorous measures to ensure that organisations have been given consent to hold data. It will no longer be acceptable to just rely on ‘opt out’ but organisations must gain a “statement or a clear affirmative action.” Consent must be “freely given, specific, informed and unambiguous.” The added complication is that organisations must also show that they ask for consent, they record it and then manage the consent. In short, if they do not go through the required steps they will be at risk of being non-compliant.

Now many of you will be thinking of calling legal at this point and that would not be a bad move as the wording to make sure employees and employers are aware and protected will need to be carefully written

There are many processes to go through to ensure that organisations outline that they are asking for consent, why they are doing so, what they are doing with the data, that it is separate from usual terms, that consent can be withdrawn at any time and that the consent has been given in a clear and positive format  Finally companies will  need to show how they act on withdrawal of consent and do not penalise those who withdraw consent.

There are varied implications that organisations need to bear in mind, not only is it a legal requirement, but by doing it right will potentially build trust, although conversely doing it badly could lead to reputational damage.

 

Get in touch

Want to find out more? Get in touch and discover what Symatrix could do for your business. We’d love to chat.