• Supporting clients through COVID-19 and Brexit

  • Supporting clients through COVID-19 and Brexit

  • Brachers
  • Home
  • COVID-19
  • Insights
  • Our People
  • Careers
  • About Brachers
    • Our Story
    • Awards and Accreditations
    • Corporate Social Responsibility
  • Events
  • Pay online
  • Conveyancing quote
  • Contact us
    • Solicitors in Maidstone
    • Solicitors in Canterbury
    • Debt Payment
  • Personal Law
    • Personal Law
    • Court of Protection
    • Dispute Resolution
    • Employment Law Advice
    • Family and Divorce
    • Medical Negligence
    • Personal Injury and Industrial Disease
    • Powers of Attorney
    • Property and Conveyancing
    • Tax Planning
    • Trusts
    • Wills and Probate
  • Business Law
    • Business Law
    • Commercial Law
    • Commercial Dispute Resolution
    • Commercial Property Law
    • Corporate, Banking and Finance
    • Debt Recovery
    • Defending Industrial Disease Claims
    • Employment Law & HR Support
    • Environmental Law
    • Insolvency
    • Licensing Law
    • Planning Law
    • Regulatory Law
  • Sector Support
    • Sector Support
    • Agriculture and Rural
    • Charities
    • Construction
    • Education
    • Healthcare
    • Life Sciences
    • Primary Care
    • Property Managers, Investors and Landlords
    • 01622 690691
    • Pay Online
    • Conveyancing Quote
    Brachers
  • Brachers
    • COVID-19
    • Insights
    • Our People
    • Careers
    • About Brachers
      • Our Story
      • Awards and Accreditations
      • Corporate Social Responsibility
    • Events
    • Contact Us
      • Maidstone office
      • Canterbury office
      • Debt Payment
    •  
  • Personal Law
  • Business Law
  • Sector Support
  • Court of Protection
    • Court of Protection
    • Benefits Advice for Financial Attorneys and Deputies
    • Financial Deputy Applications Advice
    • Gifting Applications
    • Professional Financial Attorney and Deputy
    • Statutory Will Applications
    • Welfare Applications
  • Dispute Resolution
    • Dispute Resolution
    • Alternative Dispute Resolution ‘ADR’
    • Consumer Disputes
    • Landlord and Tenant Disputes
    • Professional Negligence Disputes
    • Property & Land Law Disputes
    • Wills, Trusts and Probate Disputes Solicitors
  • Employment Law Advice
    • Employment Law Advice
    • Director Disputes
    • Disciplinary, Capability, Sickness and Grievance Issues
    • Settlement Agreements
    • Tribunal Claims Advice and Representation
  • Family and Divorce
    • Family and Divorce
    • Arbitration
    • Children Law
    • Civil Partnership
    • Collaborative Law
    • Divorce
    • Financial Settlement on Divorce
    • Injunctions
    • Cohabitation
    • Mediation
    • Pre and Post Nuptial Agreement
  • Medical Negligence
    • Medical Negligence
    • Accident and Emergency Claims
    • Birth Injury Claims
    • Cancer Diagnosis Claims
    • Cardiac and Vascular Claims
    • Child Injury Claims
    • Cosmetic Surgery Claims
    • Fatal Injury Claims and Inquest Representation
    • Medical Negligence FAQs
    • Ophthalmic Claims
    • Orthopaedic and Spinal Injury Claims
  • Personal Injury and Industrial Disease
    • Personal Injury and Industrial Disease
    • Asbestos Disease
    • Fatal Accident Claims
    • Head Injury
    • Mesothelioma Claims
    • Other Industrial Disease Claims
    • Other Personal Injury Claims
    • Post Traumatic Stress Disorder/Psychiatric Injury Claims
  • Powers of Attorney
    • Powers of Attorney
    • Elderly and Vulnerable
  • Property and Conveyancing
    • Property and Conveyancing
    • Buying and Selling Residential Property
    • Declarations of Trust
    • Equity Release
    • Mortgages
    • Lease Extensions
    • Occupiers and Tenants Law
    • Plot Sales
    • Residential Tenancies
    • Transfer of Equity
    • Joint Tenancy or Tenancy in Common
  • Tax Planning
  • Trusts
    • Trusts
    • Brachers Trust Corporation
    • Setting up a Trust
    • Trust Management Services
  • Wills and Probate
    • Wills and Probate
    • Probate and Estate Administration Solicitors
    • Wills
    • Wills, Trusts and Probate Disputes Solicitors
  • Coronavirus Support for Families and Individuals
  • Commercial Law
    • Commercial Law
    • Commercial Agreements
    • Commercial Projects
    • Information Technology
    • Intellectual Property (IP)
  • Commercial Dispute Resolution
    • Commercial Dispute Resolution
    • Alternative Dispute Resolution ‘ADR’ for Business
    • Business to Business Disputes
    • Contract Disputes
    • Corporate Disputes
    • Intellectual Property and Technology Disputes
    • Partnership Disputes
    • Property and Land Disputes
  • Commercial Property Law
    • Commercial Property Law
    • Finance Advice for Commercial Property
    • Occupiers and Tenants
    • Property Managers, Investors and Landlords
    • Property Developers
  • Corporate, Banking and Finance
    • Corporate, Banking and Finance
    • Shareholder Arrangements and Share Option Schemes Advice
    • Corporate Banking Law and Asset-Based Lending
    • Corporate Restructures and Demergers
    • Legal Advice for Joint Venture Companies
    • Mergers, Acquisitions and Disposals
    • Partnership and LLP
    • Private Equity and Venture Finance
  • Data Protection and GDPR
  • Debt Recovery
    • Debt Recovery
    • Credit Management
    • Portfolio Management and Outsourcing
    • Consumer Collections and Recoveries
  • Defending Industrial Disease Claims
    • Defending Industrial Disease Claims
    • Defending Asbestos Claims
    • Defending Hearing Loss / Deafness Claims
  • Employment Law & HR Support
    • Employment Law & HR Support
    • Brachers Protect
    • Employment Contracts
    • Discrimination, Discipline, Dismissals & Grievances
    • Employee Exits and Settlement Agreements
    • Employment Law Developments
    • Employment Law Training
    • Employment Tribunal Claims
    • Industrial Relations
    • Redundancy, Reorganisation & Restructuring
    • Restrictive Covenants
    • TUPE Law
    • Wellbeing at Work
    • Workplace Wellbeing Review
  • Environmental Law
  • Insolvency
    • Insolvency
    • Services to Businesses & Company Directors
    • Services to Creditors
    • Services to Insolvency Practitioners
  • Licensing Law
  • Planning Law
  • Regulatory Law
    • Regulatory Law
    • Criminal Prosecution Law
  • Coronavirus Support for Businesses
  • Agriculture and Rural
    • Agriculture and Rural
    • Commercial Law in Rural Business
    • Corporate Law in Rural Business
    • Employment Law in Rural Business
    • Family Law in Rural Business
    • Health and Safety Law in Rural Business
    • Planning & Environmental Law
    • Rural Property and Buildings Law
    • Secured Lending in Rural Business
    • Solving Disputes in Rural Business
    • Succession Planning for Farming Businesses
  • Charities
    • Charities
    • Charity Mergers and Collaboration
    • Funding Advice for Charities
    • HR Advice for Charities
    • Kent Good Governance Charity Forum
    • Organisational Review for Charities
    • Setting up a Charity or Social Enterprise Legal Advice
  • Construction
    • Construction
    • Construction Disputes
    • Construction Project Documentation
  • Education
    • Education
    • Academy conversions and free schools
    • Development and Expansion
    • Education Matters Forum
    • Freedom of Information and Data Protection
    • Governance, Complaints and Appeals Law in Education
    • Legal Advice when Purchasing Goods and Services for Schools
    • Legal Advice for School Premises
    • Legal Advice for Staff Management
  • Healthcare
    • Healthcare
    • NHS
    • Independent Healthcare Providers
    • Legal Support for Care Providers
    • Medical Defence
  • Life Sciences
  • Primary Care
    • Primary Care
    • Commercial and NHS Contracts
    • Employment & HR Law for GPs
    • GP Federations Advice
    • GP Partnership Agreements
    • GP Premises
    • New Premises, Development & Expansion
  • Real Estate
    • Property Managers, Investors and Landlords
    • Property Developers

Home > Insights > GDPR – the myth about consent

  • Insights
    Insight - Commercial Law, Data Protection and GDPR - POSTED: December 6 2017

    GDPR – the myth about consent

    We consider the new requirements for consent and consider the other lawful bases on which processing personal data can be justified in compliance with the GDPR.

    • Share this article
      Share
    • Print this article
  • To ensure that any processing of personal data is lawful under the General Data Protection Regulation (“GDPR”), your organisation must identify a lawful basis on which it proposes to carry out such processing.

    It is a common misconception that consent is the only basis on which to justify the processing of personal data. In fact, there are six bases an organisation can rely on to justify processing; consent is only one of them.

    In this briefing, we will consider the new requirements for consent and consider the other lawful bases on which processing personal data can be justified in compliance with the GDPR.

    Consent

    Historically the business community has relied on the use of a default opt-out or pre-selected tick boxes (which are often ignored) as a means of obtaining consent under the Data Protection Act 1998. The obligation to obtain consent under the GDPR is much more onerous and such methods will no longer be acceptable. Organisations will need to adopt other methods such as unticked opt-in boxes which require a tick or other opt-in methods.

    Under the GDPR, consent must be freely given. When explaining consent, it will be a requirement to use clear and plain language. Consent also needs to be specific and informed. This means that organisations must include details of the controller (i.e. your organisation and any third parties relying on the consent), the purpose of the processing, the type of processing and the right to withdraw consent at any time.

    It will not be enough to rely on blanket consent. Where appropriate, separate consent will be necessary for different types of processing.

    Consent requests should also be kept separate from other terms and conditions.

    Parents of guardians of children under the age of 13 will be required to give consent to information services.

    It must also be just as easy to withdraw consent as it was to give it in the first place and people must be advised of this right.

    Organisations must keep records to evidence consent so that they can show what people were told and when and how they consented.

    Getting it wrong could mean a fine of up to 20 million euros or 4% of your organisation’s worldwide annual turnover, whichever is higher.

    If your organisation relies on consent at the moment, it will need to review this consent and the mechanisms for obtaining it to ensure it meets the standards of the GDPR. If it does not, your organisation will need to take steps to renew or refresh consent. It will also need to keep its consents under review if its purposes or activities change.

    Although consent can legitimise the use of a special category data, restricted processing, automated decision making or overseas transfers, it is only one of the bases on which processing can be lawfully carried out in accordance with the GDPR.

    Consider whether there is another lawful basis which is more appropriate to your organisation and if so, advise individuals what this basis is from the start.

    Consent will be necessary for most marketing calls or messages, website cookies or other online tracking methods, or to install apps or other software on people’s devices. However, if your organisation is in a position of power such as a public authority or an employer, consent may not be appropriate as consent will not be regarded as being given freely. Your organisation should, therefore, consider another basis for processing.

    What are the alternatives to consent?

    • Necessary for performing a contract with an individual or to take steps at the individual’s request prior to entering into the contract

    For example, if your organisation has entered into a contract with a customer to supply goods and/or services. This also includes steps taken at the individual’s request before entering into a contract.

    • Necessary for compliance with a legal obligation to which the data controller is subject

    For example, the law requires your organisation to process the data for a particular purpose.

    • Necessary to protect the vital interests of a data subject or another person

    For example, the processing is necessary to protect the life of the data subject or someone else.

    • Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

    For example, an organisation needs to process personal data to carry out its official functions or a task in the public interest such as a public body.

    • Necessary for the purposes of legitimate interests pursued by the data controller or third party

    If your organisation is in the private sector, data can be processed if your organisation has a genuine and legitimate reason for processing personal data unless this is outweighed by the harm to the individual’s rights and interests.

    Conditions for processing a special category of personal data

    The above considers the lawful bases on which processing personal data can be justified in compliance with the GDPR. There are different bases which an organisation must consider when it proposes to carry out the processing of sensitive personal data.

    Under the GDPR sensitive personal data is referred to as special categories of data and includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

    Obtaining explicit consent of the data subject is one way to justify processing a special category of personal data. When obtaining express consent, there will be a requirement to include an express statement of consent which is separate from any other consents specifying the nature of the special category data, the details of the automated decision and its effects or the details of the data to be transferred and the risks of the transfer.

    There are other lawful bases set out in the GDPR that can be satisfied where the processing relates to a special category of personal data which are more limited and specific and are beyond the scope of this briefing note.

    Whatever the reasons for processing personal data or a special category of personal data (as the case may be), this will need to be documented so that your organisation can demonstrate to the Information Commissioner’s Office which lawful basis it is relying on under the GDPR.

    Implementation

    The new Data Protection Bill was published in September 2017 and is currently making its way through Parliament. It is too early to know what form the final Data Protection Bill will take and it may differ from the GDPR in some respects. Brachers will continue to monitor the situation and highlight any points where differences are likely to have a material effect.

    How can we help?

    For further information and advice on the GDPR please contact our specialists:

    Erol Huseyin or Julie Alchin in our Commercial team

    Catherine Daw or Antonio Fletcher in our Employment team

    Can we help?

    Take a look at our Commercial Law, Data Protection and GDPR page for useful information, resources, guidance, details of our team and how we may be able to help you

  • Key contact:

    • Brachers Corporate & Commercial Partner Erol Huseyin

      Erol Huseyin

      Partner,

    Get in touch

    Please fill out the below form or alternatively you can call us on 01622 690691

      By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. Please view our website and cookie policy for more information
  • Related Articles & Events

    View all
  • Commercial Law, Data Protection and GDPR

    Cyber-crime: are you prepared?

    Insight

    Posted 7th July 2017

  • Commercial Law

    High streets need to adapt to survive new retail environment

    Insight

    Posted 6th February 2015

  • Commercial Law

    Brachers advises on sale of manufacturer Farmura

    News

    Posted 19th August 2014

  • Brachers with you all the way Logo
    • Statutory Information (including complaints policy)
    • Cookie Policy
    • Refund Policy
    • Privacy Statement
    • Terms of Engagement
    • Website Accessibility
    • Contact Us
    • Sitemap
  • Contact Us

    T: 01622 690691
    F: 01622 681430
    E: hello@brachers.co.uk
    • LinkedIn Icon
    • Facebook Icon
    • Twitter Icon

    Sign up for our newsletter

    Unsubscribe from our newsletter

    SIGN UP
  • Head Office

    Somerfield House
    59 London Road
    Maidstone
    Kent
    ME16 8JH


    T: 01622 690691

  • Medway House

    81 London Road
    Maidstone
    Kent
    ME16 0DU

     

     


    T: 01622 690691

  • Canterbury Office

    First Floor
    Graylaw House
    20-22 Watling Street
    Canterbury
    Kent
    CT1 2UA


    T: 01227 949510