GDPR and consent: What it means and why you should welcome the change
The GDPR (General Data Protection Regulation) is coming. And coming soon. In May we’ll all have to adhere to the new regulations that replace the current Data Protection Directive 95/46/EC, so we need to know how it’s likely to affect us all.
The new regulation aims to harmonise Europe’s data privacy laws and to further protect the data privacy of everyone inside the European Union. Now, there are lots of rules and laws under this compulsory GDPR that’s heading our way, all designed to protect data and privacy and generally improve the digital landscape for everyone concerned. One of the biggest areas that’s going to be affected is ‘consent’.
Currently, the rules are a little hazy and stacked in favour of regular companies and their marketing functions, as well as the more cynical private companies that rely on mining, retaining and even selling individuals’ data. The new regulations aim to address that situation and put consumers firmly in the driving seat in terms of who has their information and how long they can keep it for.
The new rules around consent under GDPR state the following:
‘Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.
Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them.
If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.’
Consent cannot just be ‘assumed’ under the new rules. It also cannot be ‘the easy way’. People must specifically agree that they want to opt in to something. That consent must be given via a process in which the GDPR’s very specific rules and conditions are met and strictly adhered to.
So, to summarise – extremely briefly – consent must be:
- Freely given
- An affirmative act
You will need to contact your existing contact base and get consent from them on data retention. But it needn’t be something to fear. It’s worth emphasising that GDPR should be seen as a marketing challenge and not merely a compliance challenge.
It doesn’t have to be viewed as a slog and a necessary box-ticking exercise. It can actually be used as an excellent excuse to get back in touch with your customer and contact base. View it as an opportunity to revitalise your relationship with them.
You can re-engage with your customers by reminding them why they’re linked to you and why they liked you in the first place. Look upon the GDPR consent process as a time to get creative and use it as an excuse to contact your database and start afresh with them.
It’s also a chance to be transparent, so you can use it as an opportunity to show everyone exactly why you should be trusted.
GDPR is a good thing. Although it brings some challenges, it is a positive step for everyone. People deserve to retain their data privacy. And, dealt with cleverly, it can actually be thought of as a tool for marketers.