The GDPR defines consent as:
Freely given, specific, informed and unambiguous consent; which informs subscribers about the brand that’s collecting the consent and provides information about the purpose of collecting personal data
via the ICO, May 2017.
Consent means offering individuals real choice and control. Genuine consent should put your customers in charge, build trust and engagement, and enhance your reputation. The important thing with GDPR is that your customer base knows what they are signing up for.
How Consent should be obtained, managed, and recorded:
Make your consent request prominent, concise, separate from other terms and conditions, and easy to understand. Include:
- The name of your organization
- Why you want the data
- What you will do with the data
- Individuals can withdraw consent at any time
We have put together an example of a compliant GDPR Consent form below. If you would like a copy of this, where you can input your own company logo, please email email@example.com or firstname.lastname@example.org.
We have suggested a list of best practices to help you bring your consent forms in compliance with GDPR:
1. Use easy, clear language
Consent must be unambiguous. This means customers need to easily understand what they are signing up for. Avoid double negatives, and use the simplest language possible. If there is any room for doubt, it is not valid consent!!
2. Customers should actively opt-in
Under GDPR pre-ticked checkboxes will become a thing of the past, there’s no longer mean a customer has given consent. Pre-ticked boxes, opt-out boxes or default settings should be avoided. Options need to have equal prominence. Consent must be explicitly given.
3. Let customers freely choose content, channel, and frequency and gain consent for each
Try to provide granular consent options for each marketing type, as blanketing will not provide your customers with an outstanding experience. This should also apply to frequency and channel. Customers should be provided with frequency and channel preference options as well. As always, consent must be gained at each level.
4. Do not tie consent to other agreements, nor use incentives
Be sure to keep SMS marketing consent requests separate from other bundled terms and conditions. Under GDPR consent should not be a precondition of signing up to a service, unless it is necessary for that service.
5. Explain clearly how customers can withdraw consent
Make sure your customers are well informed on their right to withdraw consent, and detail clearly exactly how they can do this. GDPR states that consent should be as easily withdraw as it is given, meaning you will need to have simple and effective withdrawal mechanisms in place. Eg – Providing an opt-out option.