With the General Data Protection Regulation (GDPR) quickly approaching, we’ve had many customers asking questions about the different legal bases for processing data. Of the six legal bases (consent; contract; legal obligation; vital interests; public tasks; and legitimate interests), perhaps those causing the most confusion and uncertainty are consent and legitimate interests. Carmel covers legitimate interest in her blog, so in this blog, I will cover the topic of consent. As a previous blog in our series eluded to, a key change in the upcoming GDPR enforcement is how companies are able to gain consent from their data subjects. Previously, implicit or opt-out consent was allowed in certain circumstances. As an example, under previous laws, it was acceptable for email marketers to pre-check their opt-in boxes when signing users up to receive their emails:
That all changes after May 25, 2018. For most companies, this will drastically change how they’re able to opt users into their services.
GDPR sets a new standard for consent. Under the GDPR, “consent” means “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her” (Article 4(11)). While the concepts themselves are not new, the enforcement and potential consequence of non-compliance are unknown territory.
I’m sure many of you are asking yourselves if your current consent practices comply. I’ve provided the following questions to see how they stack up:
If you’ve answered no to any of these questions, you’re not alone. Return Path works with many businesses that still have updates to make in order to be fully compliant with GDPR come May 25, 2018. To help your teams prepare, I’ve detailed how Return Path is updating our consent practices to ensure our GDPR Compliance:
While this may feel like a large undertaking, updating your consent practices will help customers to understand and feel more at ease with how your business is processing and utilizing their data. In the long run, this will create a more positive experience for them and improve their relationship with your business. Check out our blog post on how consumers benefit from the GDPR to understand this further!
Elizabeth Schweyen is the Privacy Specialist at Return Path. She's involved in helping Return Path prepare for the GDPR and ensuring we stay ahead of industry standards when it comes to Privacy. Elizabeth's previous role on the Return Path Compliance team makes her a stickler for the rules, putting her in an excellent position to help lead the company into GDPR compliance! Outside of work you can find Elizabeth exploring the Rocky Mountains, catching up with friends, or watching Michigan football (Go Blue!).
Enter your name and email address below to subscribe to our mailing list.