The Information Commissioner’s Office (ICO) has just issued a draft version of their guidance on consent under the upcoming General Data Protection Regulation (GDPR). They have asked for any comments or input on the guidance to be sent to them by 31 March 2017.

The draft guidance gives further detail on what the ICO will expect organisations to be doing in order to properly obtain consent to process personal data. Amongst other issues, the draft guidance makes it clear that pre-ticked boxes will no longer meet the requirements of consent, as the consent needs to be unambiguous and requires a clear affirmative action.

The ICO also emphasises how important it is to keep good records of consent and to check that existing consents meet the new requirements after May 2018. If an organisation is unable to meet the new requirements for consent, then they should be looking to see if they can met another lawful basis for processing personal data under the GDPR.

If you want to have your say on the guidance, the consultation and draft guidance can be found here.

The GDPR is going to be the biggest change to data protection laws since the Data Protection Act came into force in 1998. If you would like to discuss how these changes will affect your organisation, please contact Tracey Wakelam at Exeter solicitors covering Devon, Cornwall and the rest of the UK.