ICO guidance for consent in the GDPR
6 Mar 2017 03:31 PM
Blog posted by: Jo Pedder, Interim Head of Policy and Engagement, 02 March 2017.
Back in January I wrote about our plans for GDPR guidance in 2017 and our commitment to help organisations improve their practices and prepare for the GDPR.
I’m pleased to announce that our first piece of detailed topic-specific GDPR guidance has been published today for public consultation. This new guidance is about consent in the GDPR and we are interested to gain your feedback on it through a short consultation which is running from now until 31 March 2017.
The basic concept of consent, and its main role as one lawful basis (or condition) for processing, is not new. However the GDPR does set a high standard for consent. It builds on the Data Protection Act (DPA) standard of consent in a number of areas, and it contains significantly more detail on both the standard and processes for consent.
Basing your processing of customer data on GDPR-compliant consent means giving individuals genuine choice and ongoing control over how you use their data, and ensuring your organisation is transparent and accountable.
Getting this right should be seen as essential to good customer service: it will put people at the centre of the relationship, and can help build customer confidence and trust. This can enhance your reputation, improve levels of engagement and encourage use of new services and products. It’s one way to set yourself apart from the competition and will be fundamental to the growth of the digital economy.
Our guidance on consent explains our recommended approach to compliance and what counts as valid consent. It provides practical help to decide when to rely on consent, and when to look at alternatives. It also explains the key differences with the DPA and gives advice about existing DPA consents.
Following the consultation we aim to publish this guidance in May 2017. This timescale may be affected if we need to take account of developments at the European level.
That won’t be the end of our work on consent. Later in the year we are planning to issue a call for evidence to get a better sense of what technical solutions are available or are being developed for obtaining and managing consent. And we are also working with our European counterparts on the Article 29 working party to produce further agreed guidelines on consent later this year. Keep an eye on our data protection reform website for updates.
Jo Pedder is Interim Head of Policy and Engagement. She has lead responsibility for the ICO’s guidance on the Data Protection Act and the Freedom of Information Act.