GDPR in a nutshell | May 25th Aftermath...

The GDPR sets a high standard for consent.

Consent means offering individuals real choice and control. 

Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.

But you often won’t need consent. If consent is difficult, look for a different lawful basis.

• Check your consent practices and your existing consents. Refresh your consents if they don’t meet the GDPR standard.
• Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
• Explicit consent requires a very clear and specific statement of consent.
• Keep your consent requests separate from other terms and conditions.
• Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.
• Be clear and concise.
• Name any third party controllers who will rely on the consent.
• Make it easy for people to withdraw consent and tell them how.
• Keep evidence of consent – who, when, how, and what you told people.
• Keep consent under review, and refresh it if anything changes.
• Avoid making consent to processing a precondition of a service.

This is a good thing, inside European Community, as well as outside ( including the United Kingdom and any foreign countries).

So, before and after May 25th what things had or still must be done as priorities.

1. Execute your checklist

☐ Do we have checked that consent is the most appropriate lawful basis for processing?

☐ Do we have made the request for consent prominent and separate from our terms and conditions?

☐ Do we ask people to positively opt-in.

☐ Do we don’t use pre-ticked boxes or any other type of default consent?

☐ Do we use clear, plain language that is easy to understand?

☐ Do we specify why we want the data and what we’re going to do with it?

☐ Do we give separate distinct (‘granular’) options to consent separately to different purposes and types of processing?

☐ Do we name our organization and any third party controllers who will be relying on the consent?

☐ Do we tell individuals they can withdraw their consent?

☐ Do we ensure that individuals can refuse to consent without detriment?

☐ Do we avoid making consent a precondition of a service?

☐ If youyou offer online services directly to children, Do you  only seek consent if we have age-verification measures (and parental-consent measures for younger children) in place?

2. Recording consent

☐ Do you keep a record of when and how you got consent from the individual?

☐ Do you keep a record of exactly what they were told at the time?

3. Managing consent

☐ Do you regularly review consents to check that the relationship, the processing, and the purposes have not changed?

☐ Do you have processes in place to refresh consent at appropriate intervals, including any parental consents?

☐ Do you consider using privacy dashboards or other preference-management tools as a matter of good practice?

☐ Do you make it easy for individuals to withdraw their consent at any time, and publicise how to do so.

☐ Do you act on withdrawals of consent as soon as you can?

☐ Do you do something effective & don’t penalize individuals who wish to withdraw consent? (like loss of loyalty points, freemiums, etc...)

Still unsure or uncomplete process? Get the help of professionals to maximize your compliance. Google analytics, Facebook Ads, various platforms such as social media, SaaS, PaaS, e-commerce, social selling, Shopify, Amazon, eBay...

Send your business details to mybebeetv@gmail.com to get your process reviewed from every angle. (company|address|email|phone)