As Steve Wood, the Deputy Information Commissioner said this week: "I keep hearing the myth that 'GDPR says I’ll need to get fresh consent for everything I do' but I can say categorically that this is wrong. You do not need to automatically refresh all existing consents in preparation for the new law.
But the GDPR sets the bar high for consent, so it’s important to check your processes and records to be sure existing consents meet the GDPR standard. If they do there is no need to obtain fresh consent. Where you have an existing relationship with customers who have purchased goods or services from you it may not be necessary to obtain fresh consent.
It’s also important to remember that in some cases it may not be appropriate to seek fresh consent if you are unsure how you collected the contact information in the first place, and the consent would not have met the standard under our existing Data Protection Act."
As I started getting these emails I looked again at the GDPR; I thought I must have missed something. But Recital 171 of the GDPR makes clear that you can continue to rely on any existing consent that was given in line with the GDPR requirements by your clients and subscribers and you don't need to refresh that consent.
So think about whether you actually need to refresh consent before you send that email and don’t forget to put in place mechanisms for people to withdraw their consent easily. As you know you can unsubscribe from my emails at any time.
To your success
Noel Guilford
PS I am pleased to say that we have put procedures and policies in place at Guilford Accounting, My VA Business and My Bookkeeping Business to ensure that we are GDPR compliant, including the use of encryption software to send documents containing personal data and a secure virtual portal for client documents. We have also updated our privacy and cookie notices which you can find on our websites. However, like most businesses, I am sure we haven't thought of everything and we continue to add third parties to our list of data processors. Remember that data privacy and compliance is an ongoing journey not one that ends on Friday.