
GDPR – Consent

Obtaining Valid GDPR Consent for Information Use

Under the new GDPR regulations your company / organisation must be able to prove clear and affirmative consent to process personal data.

This means that your company / organisation must remember to explain clearly and exactly what personal data it is collecting and how it will be processed and used. Your company / organisation will therefore need to make sure that this step is built into every occurrence of personal data collection without fail, and that the proof is stored and can be accessed quickly if necessary. The information that you supply has to be understandable to a human, i.e. descriptions of products / services / treatments supplied need to be clear, and not based around internal codes / product codes.

Opt-in Rather Than Opt Out

Under GDPR, people must be able to opt in rather than opt out, i.e. the options for receiving information from companies (e.g. on web page contact forms) must not be already ticked. The accompanying wording must also clearly state that ticking a box means opting in.

Other Implications Regarding GDPR Consent

Companies / organisations will need to simplify their Terms and Conditions so that they are clear and informative, rather than being filled with confusing, baffling references and legalese. After 25th May, T&Cs and consent requests for the purposes of data processing will need to be intelligible, in an easily accessible form, and written using clear and plain language. It will also need to be easy for a person to withdraw their consent.

Rather than requesting (on a website contact page) that people sign up for something (e.g. a newsletter) and asking for an email address and / or telephone number, the wording could be changed to ask people to sign up to be contacted, not specifying exactly how. It may also aid compliance for an auto-responding email to be sent, asking a person to confirm that they want to opt in. Information such as the date, time and IP address of the individual sign-ups should be recorded, because the data given (name, email and telephone number) identifies the person.

After 25th May 2018, you / your company will not be able to contact anyone from whom you do not have consent. This, in theory, could also stop unsolicited emails and phone calls to you, if those companies / organisations choose to comply. It will also mean that you / your company can no longer use lists that you’ve bought to send emails or make calls. This could have implications for affiliate marketing, i.e. if affiliates are contacting people on your behalf, you will need to be certain that they are GDPR compliant and are doing so with consent.


