GDPR Consent Guidance Published by the UK ICO

The United Kingdom Information Commissioner’s Office (UK ICO) released guidance on consent as a legitimate means of processing under the European Union (EU) General Data Protection Regulation (GDPR). We broke down the guidance into this executive summary of consent action items.

Consent Checklist

The consent checklist in the UK ICO guidance is perhaps the most helpful piece of information, though we will highlight other useful information below as well. The consent checklist provides a process for examining your existing consents and determining whether or not you need to seek fresh consent under GDPR; it will also help you prepare fresh GDPR-compliant consent if necessary. See the full checklist here.

Improper Consent Fines

GDPR Article 6(1) requires a lawful basis for processing personal information, and the basis must be documented. Consent is one of the legitimate bases for processing. Infringement of the basic processing principles in GDPR, including improper use of consent, can lead to the highest penalty (4% of global turnover or €20 million) under the GDPR.

Getting Consent Right

 Beyond the checklist, the UK ICO guidance provides a number of ways to get consent right, including: