When the new General Data Protection Regulation (GDPR) comes into effect on 25th May 2018, how you get consent to market to your customers may need to change. Under the GDPR, the definition of consent has changed, it is now defined as:
“freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
The Information Commission Office (ICO) explained that a bit more simply:
“The GDPR sets a high standard for consent, but the biggest change is what this means in practice for consent mechanisms. You will need clear and more granular opt-in methods, good records of consent, and simple easy-to-access ways for people to withdraw consent”
Consent is only valid if you can demonstrate that the individual has consented, therefore positive opt-in is essential. You cannot rely on an opt-out as a form of consent, because valid consent cannot be inferred from silence, pre-ticked boxes or inactivity.
It’s time for separate tick boxes
Where multiple matters are being consented to you must get consent for each separate method. For example, if you want to market a contact via email, telephone and social media advertising you need clear and separate consent for each method.
Consent can’t be hide and seek
You might want to consider responding to email leads over the telephone wherever possible. That way you can ask for the relevant consents as part of your own process for adding a tenant, buyer, potential landlord or vendor to your database. The benefit of this is that you’re more likely to get a higher percentage of your potential customers giving consent over the phone than they will either by email or through an online form.
If you choose to get consent over the phone, it’s worth noting that you still need a written record to show you have captured verbal consent, what you have received consent for and when the consent was given. It is only you that needs to write this down, the consumer you’re dealing with does not need to do anything in writing.
If you have contacts in your database that you collected prior to the GDPR coming into effect and those contacts were not collected using GDPR guidance on proper consent, we recommend you seek legal advice. There may be options open to you relating to “soft opt-in”, so it’s worth asking your lawyer about areas that relate to the existing Privacy and Electronic Communications Regulations (PECR).
If you’re a small business you can dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support.
Find out more about how you can use direct marketing by watching a recording of our “Direct Marketing is not Dead” webinar with Data Protection lawyer, Matthew Holman.
Please be aware that this content does not constitute legal advice. You should always seek out your own independent legal advice for specific queries.