Volume: 14 Issue: 3
The Information Commissioner’s Office (‘ICO’) released, on 2 March 2017, guidance on consent under the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) for public consultation (‘the Guidance’). According to the ICO, the Guidance will assist organisations in deciding when to rely on consent for data processing and when to look for alternatives. In addition, the ICO explained what constitutes valid consent, and how to obtain and manage consent in a way that complies with the GDPR through the provision of a checklist within the Guidance.
William Long, Partner at Sidley Austin, stressed, “The Guidance is extremely helpful, but it will be a wake-up call for organisations in a GDPR world. They are going to have to adopt a completely different mindset and seriously consider their whole approach to consent, how they obtain it and whether it will be appropriate. The detailed requirements may cause a change in some industries where there has been a reliance on consent. Although there may be occasions where consent will be appropriate, if they do go down this route and the Guidance remains unchanged, then it’s not just about updating policies; they will have a host of requirements to consider. What seems clear from the Guidance is that there is no consent at the moment which complies with GDPR standards.”