Asking consumers for their consent before gathering, storing and using their data is an area many businesses currently fall short on.
A significant proportion of businesses package in their consent 'tick-box' to go along with terms & conditions, or fail to make clear to consumers exactly what it is that they are consenting to.
Under the General Data Protection Regulation (GDPR), which comes into effect in May 2018, businesses are going to have to think much harder about consent, which is the cornerstone of the new regulation. The headline areas which Irish businesses need to be aware of are that:
* The GDPR states that consent must be “freely given, specific, informed and unambiguous” so that consumers make an informed choice on whether or not they want an organisation to store and/or use their data
* From May 2018 consent must and must be separate from other terms and conditions in order to make sure that it stands out – it cannot be hidden away at the bottom of a long paragraph or T&C's.
* Individuals must be given a genuine choice about what data is processed and how it is processed
* Crucially, individuals must be capable of withdrawing their consent with the ease that they give it – no organisation should consider an individualise consent to use their personal data as permanent
Any business who holds data of EU citizens will need to review consent policies and procedures to ensure that they meet the new standards outlined by the GDPR before May 2018 – the alternative are stiff penalties and significant reputational damage.
If your preparations for the implementation of GDPR are not already well underway, the Datasec 2017 conference on May 3 in the RDS in Dublin is going to provide all you need to know.
The event will provide expert speakers, information and insight to help your business comply with GDPR and get the most out of the new legislation. Click here to book your place now.