
Should we rely on consent?
- Don’t use pre-ticked boxes, opt-out boxes or another default setting when obtaining consent;
- Wherever possible, give separate (‘granular’) options to consent to different purposes and different types of processing (for example separate consent to receive information by email than by SMS message);
- Make sure that the request for consent is clear and unambiguous;
- Keep the request for consent prominent concise and easy to understand;
- Keep the consent opt in separate from other terms and conditions (it must be freely given);
- Ensure that the individual can refuse consent without receiving a reduced service (for example still access some areas of a website without a login);
- Keep records to evidence consent – who consented, when, how, and what they were told.
- Make it easy for people to withdraw consent at any time they choose. Consider using preference-management tools.
What should we tell individuals?
- the name of your organisation;
- the name of any third-party controllers who will rely on the consent;
- what information is being collected
- why you want the information;
- what you will do with it; and
- that individuals can withdraw consent at any time.
Keep under review
Recommendations
- check that consent is the most appropriate ground legal for processing
- check that consent can be given (for example is the individual vulnerable or a child?)
- is consent freely given (rather than tied in with agreement to wider terms and conditions)
- make sure that you have clearly told individuals what you will be doing with their data (and not use it for any other purpose)
- make sure your Privacy Notice and any wording around the consent is clear about processing based on consent
- make sure that you have allowed individuals to choose how they want to be contacted (SMS, email, etc)
- make sure that unsubscribing (or withdrawing consent) is straightforward
- regularly review the consent gathering process (and how long you rely on an individuals’ consent)
- keep records
LawBite can help

In closing
Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.
Related Articles
Read our latest blog posts on GDPR, featuring all the latest legal news, analysis and opinion from our expert lawyers.

- By Lawbite Team
- November 16, 2020
ICO Fines - Not Just Big Companies Under Scrutiny on GDPR
The supervisory authority for GDPR compliance, the Information Commissioner's Office (ICO), has recently published its decision to fine British Air...

- By Lawbite Team
- March 26, 2020
COVID-19: Remote working and protecting personal data
Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...

- By Lawbite Team
- March 19, 2020
Data protection and Coronavirus - What you need to know
Coronavirus and its spread across borders is a concern for employers and employees. While employers will be concerned to ensure their business’ con...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.