Consent is NOT always required!

Consent is one way of getting the right to use personal data under the General Data Protection Regulations (GDPR).

However, the rules around consent only apply if you are relying on consent as your basis to process personal data.

The new law provides five other ways of processing data that may be more appropriate than consent.

For processing to be lawful under the GDPR, you need to identify a lawful basis before you start.

Local authorities processing council tax information, banks sharing data for fraud protection purposes, insurance companies processing claims information – each one of these examples uses a different lawful basis for processing personal information that isn’t consent.

You know your organisation best and should be able to identify your purposes for processing personal information. Before 25th May 2018, you’ll need to document your decisions to be able to demonstrate which lawful basis you’re using.

See previous posts for more information on the GDPR.

If you would like a short (4 page) briefing document setting out what companies need to be doing right now about the GDPR, please drop an email to karen.mason@novalex.co.uk. If you would like to attend a practical seminar in Milton Keynes on what the changes are and how to implement them, please sign up using this link:

https://www.eventbrite.co.uk/e/gdpr-a-new-era-in-data-protection-tickets-37869021262

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s