In the UK & EMEA, Hamlyn Williams is building its internal GDPR and compliance infrastructure.
The GDPR sets a high standard for consent. We outline herein our approach and quality statements about our responsibilities in the new EU directive and application of consent throughout our organization.
The GDPR sets a high standard for consent, but the biggest change is what this means in practice for your consent mechanisms. The GDPR is clearer that an indication of consent must be unambiguous and involve a clear affirmative action. Consent should be separate from other terms and conditions. It should not generally be a precondition of signing up to a service. The GDPR specifically bans pre-ticked opt-in boxes. It requires granular consent for distinct processing operations. You must keep clear records to demonstrate consent. The GDPR gives a specific right to withdraw consent. You need to tell people about their right to withdraw, and offer them easy ways to withdraw consent at any time.
Why is consent important?
Consent is the lawful basis for processing, and consent (or explicit consent) can also legitimize the use of special category data, restricted processing, automated decision-making or overseas transfers. Relying on inappropriate or invalid consent could destroy trust and harm your reputation – and may leave you open to substantial fines.
GDPR –we take our responsibility seriously and follow the guiding principles for the ICO direct:
- Applying consent controls and procedures and checks should put individuals in control, build customer trust and engagement and enhance Hamlyn Williams’ reputation
- Consent means offering individuals genuine choice and control
- Consent requires a positive opt-in
- Explicit consent requires a very clear and specific statement of consent
- Consent must be clear and concise
- Name any third party controllers who will rely on the consent
- Make it easy for people to withdraw consent and tell them how
- Keep evidence of consent – who, when, how, and what you told people
- Keep consent under review, and refresh it if anything changes
If you have any questions surrounding data please do not hesitate to contact the Operations Director Sarah Goodrich