Consent is probably the most misused and misunderstood concept in the UK GDPR and its European cousin. For some, it’s the centre of the data protection universe, the only possible option to justify the use of personal data. For others, it’s an unachievable goal, a riddle that individuals can never resolve because data processing is just too darn complicated for anyone to explain to them.
The purpose of this session is to dispel the two competing myths. I’ll look at what GDPR consent actually requires, how you obtain it and how you prove that you’ve got it. I’ll cover all the important issues in an hour and a half.
- What constitutes consent
- Verbal consent
- How often you have to renew consent
- The building blocks: unambiguous, freely given, specific, informed, demonstrable
- Explicit consent for special categories: what’s different?
- Consent for children / parents
- Consent for employers
- What to do if you want to change data use