ICO publish consultation on GDPR consent guidance


On the 3rd March, the ICO released their long awaited draft guidance on the rules for Consent under the GDPR which will fully come into effect in May 2018. Their guidance notes are a consultation piece and the ICO have extended a deadline until 31st March to receive comments and feedback on the guidance.

Consent, particularly for direct marketers, forms a key component of the changes under the new data protection legislation and so understanding this will be vital in terms of future strategy over how personal data is collected and processed.

In effect, the definition of consent under GDPR isn’t wildly different to the existing one under the Data Protection Act although it does contain more detail. The main changes affect the way you collect consent and the mechanisms for storing and updating this consent. There is greater emphasis on having clear, granular choices up front and control over their consent moving forwards.

One thing to note at this stage; there are 6 lawful bases listed within GDPR for processing personal data. Consent is one of them. One of the others is Legitimate Business Interest and there are several references to this within the guidance notes as an alternative to consent.

Under GDPR, direct marketing is acknowledged as a legitimate business interest and so marketers will increasingly be relying on this as a grounds for processing personal data rather than on consent. For some channels of communication, such as electronic (email, SMS etc.), you will have no option but to gain consent as these are covered under the ePrivacy laws (PECR). However, for other channels, including direct mail, you can rely on legitimate business interest (assuming you meet their criteria) which can still be collected under an ‘opt-out’ mechanism.

I feel that the ICO also need to issue clear guidance on legitimate business interest as a grounds for processing personal data alongside the consent guidance in order for companies, particularly direct marketers, to be able to differentiate between the two. Otherwise I suspect many will read the consent guidance notes and feel that these need to apply to all the activity they do. There is still a lack of clarity on this point for direct marketers.

Another consideration, for the charity sector specifically, is that these guidance notes need to be taken into account alongside the recently published ‘Personal Information and Fundraising Consent, Purpose and Transparency’ guidance notes issues by the Fundraising Regulator. While this report.

Top Articles

Find a Fresh Escape with National Trust’s New Brand Campaign, “Space to Feel”

This week, National Trust launched its new brand campaign, “Space to Feel,” a campaign crafted to echo the...

Championing Mental Health: How Medialab Group Leads by Example

This Mental Health Awareness Week, I am proud to share that Medialab have attained the IPA People First...

Key Highlights from Medialab's Q1 Charity Knowledge Share

To help keep our charity clients informed and regularly updated on the industry trends that impact their investment...

Medialab Fills Newly Created Role of Strategy Director

As seen in Campaign Magazine.   Harry Darlington has been hired in the newly-created role of strategy director at...

5 Data Driven Tips to Help Supercharge Your Charity

Charities boast portfolios that are more diverse than almost any other kind of organisation, with creative content portraying...

Our Account Director, Ellie

Ellie Aries stepped into her role as Account Director at Medialab with enthusiasm and expertise, 9 months ago....