Data monetisation has grown manifolds in the past decade. It has helped businesses flourish and allowed consumers to enjoy tailored experiences. However, the unregulated use of data and the infringement on individuals’ privacy rights triggered a backlash, and regulators are now introducing strict consent requirements. In this article, we take a look at the best practices that can help you stay compliant.
The most important of these new laws is the European Union’s (EU) General Data Protection Regulation (GDPR), as many other jurisdictions use it as a blueprint. GDPR empowers users to govern how businesses can use their data, and it significantly raised the bar for data privacy laws worldwide. Penalties are harsh and enforcement is firm, so businesses are now setting up dedicated mechanisms to establish compliance.
GDPR requires any organization processing personal data to have a valid legal basis, and one of the six lawful bases is Consent. In article 4, GDPR defines Consent as: “any freely given, specific, informed and unambiguous indication of a data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Here are some practical tips for you to effectively meet GDPR’s stringent consent requirements and make consent management an integral part of your data business.
Separate Consent from Generic Terms and Conditions
GDPR requires you to make a valid request for consent separate from other matters. Consent collection forms and requests must be kept separate from terms and conditions and must avoid technical and legal jargon. Consent information must be easily decipherable and should be presented before any data is recorded.
Keep User Experience at the Forefront
Make sure users understand why their data is being collected and how it could potentially be used. The goal is to make users fully aware of what they are consenting to, to avoid frustrations with your business at a later stage. GDPR mandates that consent should be presented in an intelligible and easily accessible form, using clear and plain language. Therefore, you must design interfaces that are uncluttered, user-friendly, and uncomplicated. You must do it in as few words as possible, especially when gathering consent on mobile devices.
Provide Explicit Choice to Modify Consent
Users should be able to modify or deny consent to process their data at any point in time. Even if users have previously agreed to consent conditions, they are free to withdraw their permissions and must be allowed to do so in an uncomplicated and accessible manner. You must also delete any stored data once a user withdraws their consent (unless it can be processed on another legal basis).
Maintain an Audit Trail
Obtaining consent is not enough. You need to keep a healthy, real-time repository of consent data that can be accessed as and when audits are requested. You should also be able to easily access consent records to update them when users return to modify previous consent authorisations.
Establish an Effective Consent Management System
Most small to medium businesses do not have the legal expertise to keep up with the GDPR fine print. Building your own consent management system requires time, resources, and comes with the additional burden of recurring updates and upgrades. Alternatively, you can choose to deploy a plug and play Consent Management Platform that automates compliance and can be installed with minimal fuss.
Sign up and stay up-to-date about data privacy and consent management