The General Data Protection Regulation UK Spelling - Page 9

Consent Consent The move to the GDPR will require organisations to review their current consent practices and audit their existing consents. Under the new legislation, consent will mean offering individuals the opportunity to positively opt-in. Under the GDPR, silence, pre-ticked boxes or inactivity is presumed inadequate to confer consent and indeed, organisations must also ensure that a transparent opt-out option is readily available. Under the GDPR consent must be: • freely given, specific, informed and unambiguous • a statement or clear affirmative action In addition to obtaining consent, organisations must keep clear records and be able to demonstrate evidence of consent if required. Under the new legislation, organisations must inform individuals of their right to withdraw consent at any time and their rights to be forgotten; to have access to their personal data and their right to be informed. Organisations should review their existing consents and check they comply with the new GDPR, if they do not fresh consent must be obtained. SAN FRANCISCO | NEW YORK | LONDON | READING | PRAGUE | KUALA LUMPUR | SYDNEY