The Information Commissioner’s Office (ICO), has published its final guidance on consent as a lawful basis for processing personal data under the General Data Protection Regulation (GDPR).
In my experience of doing GDPR presentations over the last few months, this is an area that is causing particular confusion for small business owners. This guidance should assist in clarifying a few of the outstanding questions.
This guidance should be read with the ICO Guide to the GDPR.
- Why consent is important;
- What is valid consent;
- A summary of the main differences between consent under the Data Protection Act 1998 (DPA 1998), the GDPR and the Data Protection Bill 2017-19;
- When consent is appropriate;
- How should consent be obtained, recorded and managed.
If you would like more information on our Law Hub for SME's, follow this link.
This guidance will help you to decide when to rely on consent for processing and when to look at alternatives. It explains what counts as valid consent, and how to obtain and manage consent in a way that complies with the GDPR. The guidance sets out how the ICO interprets the GDPR, and our general recommended approach to compliance and good practice.