Have you got consentGDPR

26 June 2017

Have you got consent?

Managing consent is one of the biggest challenges our clients and other charities are facing regarding the GDPR. It doesn’t just mean obtaining consent to send direct marketing communications; it is also about obtaining consent to hold personal data.

Consent forms part of the individual’s rights and is affected by the following areas:

  • The right to be informed
  • The right to restrict processing
  • The right to object
  • Rights in relation to automated decision making and profiling.

The GDPR refers to ‘explicit consent’ and outlines what consent is, and how it works.

  • Consent has to be freely given, specific, informed and an unambiguous indication of the individual’s wishes.
  • Consent under the GDPR requires some form of clear affirmative action. Silence, pre-ticked boxes or inactivity does not constitute consent.
  • Consent must be verifiable. This means that some form of record must be kept of how and when consent was given.
  • Individuals have the right to withdraw consent at any time.

While direct marketing can be performed under legitimate interest, both the ICO and Fundraising Regulator say that ‘Consent’ is the safest basis for sending direct marketing. The ICO are clear that consent is one lawful basis for processing data, but it won’t always be the easiest or most appropriate; you should always choose the lawful basis that most closely reflects your relationship with the individual and the purpose of the processing undertaken.

The Fundraising Regulator says that you should only rely on legitimate interest where you can prove that the data was obtained fairly and lawfully, and that you publish your ‘balancing exercise’ to show how you can justify the condition and be confident that you are not harming the freedoms and rights of individuals.

To put this into simple terms.

  • Consent means saying yes
  • Objection means saying no
  • If you are not certain, get consent

In alms.NET, consent and objections are handled by communication and contact preferences. These are audited to provide a history of when consent was given or withdrawn. Contact preferences are ideal for holding objections -previously referred to as the “do not mail” block - and retaining the record of consent to process data. Communication preferences are more granular. These enable you to manage the type of communication you are engaging in, and which channels (post, email etc.) you have consent for.

This may be the time, therefore, to reassess the statements you are making in print, digital and phone interaction with your supporters to ensure that what you are asking is clear, and also that it is accurately reflected in how your preferences are configured in alms.NET.

We will be going into more detail on how alms.NET can assist in this process over the coming weeks. The best way to keep up to date with what is happening in this area is to follow us on Twitter @westwoodforster. We will be posting all these updates on Twitter as well as re-tweeting relevant information from the ICO and IOF. Please encourage others in your organisation to follow us as well.

See our blog at http://www.westwood-forster.co.uk/blog/ for additional posts on GDPR as well as other topics of interest for our sector.

Follow @westwoodforster

Some useful links providing information on the GDPR

Comments

Leave a Comment

(required)

(required)


(required)

stay connected