The conditions for consent have been improved under the GDPR, as organisations can no longer use long, unintelligible Terms and Conditions full of legalese.
The request for consent must be written in plain language in an unambiguous and easily accessible form, with the purpose for Data Processing attached.
The request for consent must be easily distinguishable from other communication.
It must also be as easy to withdraw Consent, as it is to give it.
‘Explicit’ consent is required only for Processing sensitive Personal Data, where the consent must be ‘opt in’. However, for non-sensitive data, ‘unambiguous’ Consent will be sufficient.
In most cases, Consent should be a last resort, as it can be withdrawn at any time by the Data Subject, so other methods such as contract, should be used.
Where can I find out more information about what the difference is explicit and unambiguous Consent in regard to Data Processors?
The Jaz'ing Up GDPR! book covers what the difference is explicit and unambiguous Consent in regard to Data Processors in more detail in a fun and easy to understand way without all of the bureaucratic legalise that is common in all other books and discussions about the GDPR.
The book is full of cartoons and call outs to make it easier to grasp what GDPR is all about and is split into 3 main sections.
- GDPR Nuts and Bolts explains everything you need to know about the GDPR and what the difference is explicit and unambiguous Consent in regard to Data Processors.
- Staff Toolbox that is designed for staff who work with personal data and need to get a grounding on the subject.
- Your Rights as a Data Subject is written from the point of view of the individual person who is affected by the GDPR so that they know there rights and the types of things they will be asking for.