If your business is based in the EU, or you process the personal data of individuals in the European Union, the GDPR affects you. When relying on consent as your legal basis for processing, the GDPR says the consent has to be freely given, specific, informed, and unambiguous.
Let’s see how you can make sure you’re earning consent in the right way with these actionable tips and form examples.
If your users are not able to understand exactly what they’re signing up for, they cannot give informed consent. Avoid complex phrasing when explaining reasons for consent: specify why you want the data and what you’re going to do with it in “plain English”.
Don’t forget to clearly name your organization and any third parties relying on the user’s consent.
Your mechanism for acquiring consent must involve a clear affirmative action: pre-ticked checkboxes or any other type of consent by default are not allowed.
Consent should be specific to a particular activity in order to be considered valid: when you ask for consent, the request needs to be kept separate from other terms and conditions.
Users have the right to withdraw their consent at any time, without detriment, and you should clearly tell them where and how to do it. Never hide your unsubscribe button.
GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. Without these records, the consent you collect is considered invalid. Your records of consent should include:
Our Consent Solution simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users. It smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.