Well the answer is not that simple because the GDPR has set the bar pretty high when it comes to consent.
First off, if you already have an existing relationship with customers who have purchased goods or services from you, it may not be necessary to obtain fresh consent.
Also you do not need to automatically refresh all existing individual consents as you prepare for the new law…..but take the time to double check the records to make sure existing consents meet the GDPR standard.
And, obviously, if the consents do meet the GDPR requirement, there is no need to obtain fresh consent.
For individuals where you don’t know or are unsure how you collected their data, you will definitely need to reach out to them and ask for fresh consent.
In most cases this will be done via email and here are some rules you need to follow so you don’t risk non-compliance. In your email:
1. Make sure to Be Open and Transparent
2. Make your email easy to follow so individuals know what they are consenting to
3. Make sure Key information in not hidden or lost in heavy text
4. And lastly, be sure to have opt out mechanisms in your emails for individuals to withdraw easily.
Thanks for joining us today and we hope you found this information helpful. If you have a particular question regarding the upcoming GDPR mandate that you would like us to address, don’t hesitate to reach to us on twitter, Facebook, or email us at email@example.com.
And don’t forget to visit Cybertraining365.com for additional information on GDPR, our online GDPR training library, and other GDPR minute episodes.