It’s important that a request for consent be presented in an “intelligible and easily accessible form, using clear and plain language”, and must be presented in a manner which is clearly distinguishable from other matters. This means that consent must not be “bundled” or “pre-ticked” but should be offered as an “opt-in” and where necessary, separated from other matters.
Data subjects must have the right to withdraw their consent at any time and must be informed that they have the right to withdraw their consent at the time of giving consent. It must be as easy to withdraw as to give consent.
It’s critical that consent be ‘freely given’ by the data subject. In determining whether consent is freely given, utmost account must be taken of, inter alia, whether the consent is conditional on the performance of a contract, including the provision of a service, and where the processing of that personal data is not necessary for the performance of that contract. This means that you should ensure that you are not collecting unnecessary personal data from a data subject as a condition of them entering into a contract, for example, a contract for the supply of goods.