Best practices when managing consent

GDPR Consent
What is Consent

What is Consent?

Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build customer trust and engagement and enhance your reputation.

Explicit consent requires a very clear and specific statement of consent.

Make it easy for people to withdraw consent and tell them how.

Article 4 - (11) ‘consent’ of the data subject means any freely given,
specific, informed and unambiguous indication of the data
subject’s wishes by which he or she, by a statement or by a
clear affirmative action, signifies agreement to the processing
of personal data relating to him or her;

Consent Guidelines

The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.

Check your consent practices and your existing consents. Refresh your consents if they don’t meet the GDPR standard.

Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.

Keep your consent requests separate from other terms 
and conditions.

Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.

Be clear and concise.

Name any third party controllers who will rely on the consent.

Make it easy for people to withdraw consent and tell them how.

Keep evidence of consent – who, when, how, and what you told people.

Keep consent under review and refresh it if anything changes.

Avoid making consent to processing a precondition of a service.

Public authorities and employers will need to take extra care to show that consent is freely given and should avoid over reliance on consent.

Consent Checklist

We have checked that consent is the most appropriate lawful basis for processing.

We have made the request for consent prominent and separate from our terms and conditions.

We ask people positively to opt-in

We regularly review consent to check that the relationship, the processing and the purpose have not changed.

We have processes in place to refresh consent at appropriate intervals, including any parental consent.

We keep a record of when and how we got consent from the individual.

Get a checklist and a clear overview of all the GDPR articles relevant to consent and consent practices

 To view the complete checklist please fill out the form.

Download Now


Articles and Recitals

Get a checklist and a clear overview of all the articles relevant to GDPR consent and consent practices

Download Now