The Information Commissioner’s Office has begun a consultation exercise on its draft ‘GDPR consent guidance’
In a blog post from Jo Pedder, Interim Head of Policy and Engagement, the ICO has announced the publication of its ‘first piece of detailed topic-specific GDPR guidance’. The ‘GDPR consent draft guidance’ and the related consultation document can be accessed here. The consultation runs until 31 March 2017.
Jo Pedder said:
‘The basic concept of consent, and its main role as one lawful basis (or condition) for processing, is not new. However the GDPR does set a high standard for consent. It builds on the Data Protection Act (DPA) standard of consent in a number of areas, and it contains significantly more detail on both the standard and processes for consent.
Basing your processing of customer data on GDPR-compliant consent means giving individuals genuine choice and ongoing control over how you use their data, and ensuring your organisation is transparent and accountable.’
The draft guidance sets out a recommended approach to compliance and what counts as valid consent. It aims to provide practical help to decide when to rely on consent, and when to look at alternatives. The ICO aims to publish final guidance in May but states that the ‘timescale may be affected if we need to take account of developments at the European level’.
A call for evidence on technical solutions for obtaining and managing consent and agreed further guidelines from the Article 29 Working Party are expected later in the year.