ICO publish consultation on GDPR consent guidance


On the 3rd March, the ICO released their long awaited draft guidance on the rules for Consent under the GDPR which will fully come into effect in May 2018. Their guidance notes are a consultation piece and the ICO have extended a deadline until 31st March to receive comments and feedback on the guidance.

Consent, particularly for direct marketers, forms a key component of the changes under the new data protection legislation and so understanding this will be vital in terms of future strategy over how personal data is collected and processed.

In effect, the definition of consent under GDPR isn’t wildly different to the existing one under the Data Protection Act although it does contain more detail. The main changes affect the way you collect consent and the mechanisms for storing and updating this consent. There is greater emphasis on having clear, granular choices up front and control over their consent moving forwards.

One thing to note at this stage; there are 6 lawful bases listed within GDPR for processing personal data. Consent is one of them. One of the others is Legitimate Business Interest and there are several references to this within the guidance notes as an alternative to consent.

Under GDPR, direct marketing is acknowledged as a legitimate business interest and so marketers will increasingly be relying on this as a grounds for processing personal data rather than on consent. For some channels of communication, such as electronic (email, SMS etc.), you will have no option but to gain consent as these are covered under the ePrivacy laws (PECR). However, for other channels, including direct mail, you can rely on legitimate business interest (assuming you meet their criteria) which can still be collected under an ‘opt-out’ mechanism.

I feel that the ICO also need to issue clear guidance on legitimate business interest as a grounds for processing personal data alongside the consent guidance in order for companies, particularly direct marketers, to be able to differentiate between the two. Otherwise I suspect many will read the consent guidance notes and feel that these need to apply to all the activity they do. There is still a lack of clarity on this point for direct marketers.

Another consideration, for the charity sector specifically, is that these guidance notes need to be taken into account alongside the recently published ‘Personal Information and Fundraising Consent, Purpose and Transparency’ guidance notes issues by the Fundraising Regulator. While this report.

Top Articles

Maternity Leave: embracing the journey back to work

I was so confident in my return to work from Maternity Leave that I decided to do a...

Medialab Appoints New Head of Planning from IPG

As seen in Campaign Magazine. Jess Talbot is one of two new recruits Medialab has added to grow...

Marketing and Fundraising: Harnessing the Two Speeds of Charity Growth

A misperception of charity activity is that fundraisers and marketers are addressing different goals. This is not the...

Standard Life Appoints Medialab as its Media Agency Partner

 Medialab, the UK’s leading independent media agency, has been appointed by Standard Life, part of Phoenix Group, as...

Black History Month: Black at Work

Navigating the Media Industry as a Black Person Last month we were host to an inspiring panel discussion,...

Meta Joins X in Launching an Ad-Free Subscription Model

A New Vision For Social Platforms or a Sidestep Around Data Regulation?   Meta has officially announced it...