Information Commissioner's Office
ICO guidance for consent in the GDPR
Blog posted by: Jo Pedder, Interim Head of Policy and Engagement, 02 March 2017.
Back in January I wrote about our plans for GDPR guidance in 2017 and our commitment to help organisations improve their practices and prepare for the GDPR.
I’m pleased to announce that our first piece of detailed topic-specific GDPR guidance has been published today for public consultation. This new guidance is about consent in the GDPR and we are interested to gain your feedback on it through a short consultation which is running from now until 31 March 2017.
The basic concept of consent, and its main role as one lawful basis (or condition) for processing, is not new. However the GDPR does set a high standard for consent. It builds on the Data Protection Act (DPA) standard of consent in a number of areas, and it contains significantly more detail on both the standard and processes for consent.
Basing your processing of customer data on GDPR-compliant consent means giving individuals genuine choice and ongoing control over how you use their data, and ensuring your organisation is transparent and accountable.
Getting this right should be seen as essential to good customer service: it will put people at the centre of the relationship, and can help build customer confidence and trust. This can enhance your reputation, improve levels of engagement and encourage use of new services and products. It’s one way to set yourself apart from the competition and will be fundamental to the growth of the digital economy.
Our guidance on consent explains our recommended approach to compliance and what counts as valid consent. It provides practical help to decide when to rely on consent, and when to look at alternatives. It also explains the key differences with the DPA and gives advice about existing DPA consents.
Following the consultation we aim to publish this guidance in May 2017. This timescale may be affected if we need to take account of developments at the European level.
That won’t be the end of our work on consent. Later in the year we are planning to issue a call for evidence to get a better sense of what technical solutions are available or are being developed for obtaining and managing consent. And we are also working with our European counterparts on the Article 29 working party to produce further agreed guidelines on consent later this year. Keep an eye on our data protection reform website for updates.
Jo Pedder is Interim Head of Policy and Engagement. She has lead responsibility for the ICO’s guidance on the Data Protection Act and the Freedom of Information Act.
Latest News from
Information Commissioner's Office
Man prosecuted and police force given undertaking after sensitive data leak on Twitter19/01/2018 09:10:00
A Kent man who posted sensitive police information on Twitter has appeared in court after he admitted breaking the Data Protection Act.
Company which made 75 million nuisance automated calls in four months is fined by the ICO18/01/2018 09:10:00
A company which made 75 million nuisance calls in four months has been fined £350,000 by the Information Commissioner’s Office (ICO).
Statement in response to reports of Just Eat story17/01/2018 10:20:00
An ICO spokesperson yesterday gave a statement in response to reports of Just Eat story.
Firms behind 44 million spam emails, 15 million nuisance calls and one million spam texts fined by the Information Commissioner’s Office12/01/2018 11:10:00
Four companies that disrupted people with nuisance marketing have been fined a total of £600,000 by the Information Commissioner’s Office (ICO).
Carphone Warehouse fined £400,000 after serious failures placed customer and employee data at risk11/01/2018 09:10:00
Carphone Warehouse has been issued with one of the largest fines by the Information Commissioner’s Office (ICO), after one of their computer systems was compromised as a result of a cyber-attack in 2015.