GDPR – IT’S NOT ALL ABOUT CONSENT



The General Data Protection Regulation comes into force tomorrow. Despite what you may have heard, GDPR is not only about getting consent to process the personal information of those people your company interacts with. In the last few days, as the implementation date approaches, you may have been forgiven for believing this to be the case. A degree of panic among businesses appears to have set in regarding the consent issue. Stories of unnecessary GDPR consent emails clogging up inboxes have been widely reported. And the Information Commissioner’s website that contains detailed GDPR compliance guidance has crashed. Whether this is due to the sheer volume of traffic following relentless media pressure is unclear.


data protection Attorney London


At Big Data Law we have been advising on and writing about GDPR implementation for some time. Granted, it represents a big change for businesses that handle personal data with heavy fines a possibility. But it’s important not to overreact. Bespoke advice from a specialist solicitor ensures your business meets its GDPR obligations in the right way and provides peace of mind that you won’t face regulatory intervention.
SIX LAWFUL BASES FOR PROCESSING DATA
The media focus on the issue of consent is misleading. In fact under GDPR there are six ways to lawfully process personal data. These are:
·      Consent – which must be given clearly
·     Contract – where data processing is necessary for you to perform a contract with the individual
·      Legal obligation – where you need to process the information to comply with the law Vital interests – when the processing of data is essential to protect a life
·    Public task – where you need to process the data to do something in the public interest Legitimate interests – when processing is necessary in the legitimate interests of you or a third party It’s important for our clients to understand that they must establish the basis of processing before they start. And it’s worth giving this careful consideration because it’s not always straightforward to change your basis for processing later on.


data protection Attorney London



CONSENT AS THE BASIS FOR DATA PROCESSING: WHAT DOES GDPR SAY?

GDPR is all about giving the individual greater protection over his or her personal data. When it comes to consent this means companies must meet a higher test than under the previous law.  So a pre-ticked box on your website for example will not be enough to infer consent. Instead you must obtain explicit consent by using clear language. And it must be easy for the individual to withdraw consent at any time.  
Reassuringly however the Information Commissioner has been quite clear that companies do not necessarily need to obtain fresh consent from everyone on their databases. If the current consent meets GDPR standard there is no obligation to get further agreement to process an individual’s data.

GETTING THE RIGHT ADVICE
This misconception that new consent is necessary in EVERY case perhaps explains the explosion in emails coming from companies trying to cover themselves in the immediate run-up to GDPR. But every company and every data set is different. With specialist GDPR advice you can ensure your company devotes its energies to complying with the new data protection landscape in the correct way.
At Big Data Law in London we offer a range of GDPR compliance services to national and international bodies.
For an initial conversation on your GDPR requirements contact data protection Attorney London.

You can Call one of our specialist solicitors on 0203 670 5540.


Location: 59 Alleyn Rd, London SE21 8AD, UK

Comments

Post a Comment

Popular posts from this blog

HOW WILL GDPR AFFECT EMBASSIES AND CONSULATES

Image
With the GDPR coming into force in the UK on 25 May 2018 it is worth highlighting that the regulations have a broad territorial scope. For embassies and consulates in particular, non-compliance with GDPR could have  serious repercussions  not just for the organisation itself but also for the citizens and commercial enterprises that rely on embassy or consular services. WHERE DOES GDPR APPLY? EU EMBASSIES WITHIN THE EU AND ABROAD Article 3 of the GDPR deals with territorial scope. Where will the new rules apply? For a start the GDPR broadens the international reach of EU data protection rules. They will apply to: ·       The processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. ·       The processing of personal data of data subjects who are in the Union by a control...
Read more

FACEBOOK, CAMBRIDGE ANALYTICA AND THE IMPACT ON GDPR ENFORCEMENT

Image
Facebook’s Mark Zuckerberg  has broken his silence to comment on the unfolding Cambridge Analytica data scandal. He has announced steps his organisation will take to deal with the fallout that has resulted from Cambridge Analytica’s acquisition of the personal data of up to 50 million Facebook users. As the hashtag #deleteFacebook gains momentum it remains to be seen whether Facebook’s actions will be enough to stem the slide in the company’s share price or to restore the credibility of the social media platform. But as we ready ourselves for GDPR, the Facebook/Cambridge Analytica debacle is sure to have repercussions for any company that holds personal data belonging to EU consumers. 3 REASONS WHY GDPR COMPLIANCE MORE IMPORTANT THAN EVER We believe the Cambridge Analytica story makes GDPR compliance more critical than ever for three reasons: ·       The furore has propelled the subject of data protection to the forefront of the politic...
Read more