Collecting consent under the GDPR

Clear and Distinguishable

It’s important that a request for consent be presented in an “intelligible and easily accessible form, using clear and plain language”, and must be presented in a manner which is clearly distinguishable from other matters. This means that consent must not be “bundled” or “pre-ticked” but should be offered as an “opt-in” and where necessary, separated from other matters.

Right to Withdraw Consent

Data subjects must have the right to withdraw their consent at any time and must be informed that they have the right to withdraw their consent at the time of giving consent. It must be as easy to withdraw as to give consent.

Freely Given

It’s critical that consent be ‘freely given’ by the data subject. In determining whether consent is freely given, utmost account must be taken of, inter alia, whether the consent is conditional on the performance of a contract, including the provision of a service, and where the processing of that personal data is not necessary for the performance of that contract. This means that you should ensure that you are not collecting unnecessary personal data from a data subject as a condition of them entering into a contract, for example, a contract for the supply of goods.

We charge $600 +GST for a tailored GDPR compliant privacy policy. Request it here or fill out the contact form.