A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions ("the conditions for processing").
The requirement to meet a condition for processing continues under the new rules of the GDPR (the General Data Protection Regulation) and one of the grounds for lawful processing most debated is that of consent, what you need to do to obtain it and how businesses going forward can demonstrate that they had consent to process.
Under the GDPR, consent must be "freely given, specific, informed and an unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her".
Inactivity and the pre-ticked box will not be sufficient anymore.
From tomorrow (Friday 3rd March), you will be able to provide your views and thoughts on the much awaited ICO draft GDPR consent guidance.
With a requirement to be able to verify consent, and substantive fines where business gets it wrong, for any business that relies on consent (and most of us do), this area of compliance is business critical and cannot be overlooked.
Disclaimer
The material contained in this article is of the nature of general comment only and does not give advice on any particular matter. Recipients should not act on the basis of the information in this e-update without taking appropriate professional advice upon their own particular circumstances.
