GB : What is Consent Guidance & Lawful Processing Under GDPR?

January 22, 2018 at 11:49 am EST

Published: Monday January 22, 2018

A blog by Kate Lewis, Head of Privacy and Data Compliance

When the ICO (Information Commissioner's Office) published its consultation on GDPR and consent last March, it left many unanswered questions for businesses. The good news is things are now much clearer, thanks to guidance from the EU's Article 29 Working Party.

The main thing to note, is that if consent is obtained prior to 25 May 2018 and meets all of the conditions required by GDPR, it will remain valid when the GDPR comes into force.

I understand, however, that for a lot of businesses the data previously gathered under the processing condition of 'consent' will not be valid. In light of this, we were particularly pleased to read this paragraph:

'If a controller finds that the consent previously obtained under the old legislation will not meet the standard of GDPR consent, then controllers must assess whether the processing may be based on a different lawful basis, taking into account the conditions set by the GDPR. However this is a one off situation as controllers are moving from applying the Directive to applying the GDPR. Under the GDPR, it is not possible to swap between one lawful basis and another. If a controller is unable to renew consent in a compliant way and is also unable to make the transition to GDPR compliance by basing data processing on a different lawful basis while ensuring that continued processing is fair and accounted for, the processing activities must be stopped. In any event the controller needs to observe the principles of lawful, fair and transparent processing.'

So, what does this mean in practice?

As long as you have been clear with an individual about how you intend to use their personal data, you may change the lawful processing condition you are reliant upon. However, it's important to stress that this decision must be made before GDPR comes into force. If you decide to do this on 26 May or later, the option is no longer available. So, if you've been relying on consent which does not meet GDPR standards, you may find you are unable to use any of that data.

We believe consent is one of the weakest conditions to rely upon - it's harder to obtain and can be withdrawn at any time. My advice would be to take the time now to really consider the processing conditions you intend to rely upon.

To help, we've created the following checklist:

Have you been clear with an individual about how you will use their data? If yes, document your position, including evidence of what an individual was told, and what lawful processing condition you intend to rely upon for processing their data in the future.
Update yourPrivacy Notice(also known as a Privacy Policy or Information Notice) and any other customer facing material to reflect this and ensure it meets GDPR's requirements.
If you are processing the data under Legitimate Interests, ensure you complete a balancing test (click here to use our free template, in the 'GDPR Customer Roll Out' section)
Are you confident you can defend the decisions you have made to an individual or a regulator?

Whilst these four steps are to be used as a guide and we can't offer legal advice, it should put you in a strong position to help evidence compliance with the requirement.

At GBG, we really welcome this clarification as it supports our own GDPR program, where we have been asking customers and data partners to consider their lawful processing conditions.

In my view, consent cannot be used with third party data partners as it's difficult to meet the clear and transparent requirement. This is because you don't know what data will be shared, with whom, and why. You would need to name every single third party that data is shared with. Can you confidently do this and be sure it won't change?

If there is another condition you can rely upon other than consent, you should do so.

We believe the strongest conditions GBG's customers should be relying upon are:

Compliance with a Legal Obligation
Public Interest
Performance of a Contract
Legitimate Interest

We've struggled to identify a scenario where one of our customers using GBG's products, and therefore third party data from GBG's partners, would be able to meet the criteria required to rely on 'Vital Interests' as a lawful processing condition.

To find out more information about how GBG's products can support your GDPR compliance, or to understand more about GBG's own GDPR plan, visit: www.gbgplc.com/our-gdpr-compliance-plan.

GB Group plc published this content on 22 January 2018 and is solely responsible for the information contained herein.
Distributed by Public, unedited and unaltered, on 22 January 2018 16:49:00 UTC.

Original documenthttps://www.gbgplc.com/newsroom/consent-guidance-gdpr/

Public permalinkhttp://www.publicnow.com/view/00E5B5C019A54AD32CD82DA9911D862D29A4C0EE

	1st Jan change	Capi.
GB GROUP PLC	+9.34%	945M
ADOBE INC.	-20.31%	212B
WORKDAY INC.	-7.09%	67.8B
ROPER TECHNOLOGIES, INC.	-1.48%	57.75B
AUTODESK, INC.	-11.26%	46.62B
DATADOG, INC.	+4.47%	42.26B
ELECTRONIC ARTS INC.	-7.18%	33.99B
ANSYS, INC.	-9.70%	28.46B
APPLOVIN CORPORATION	+74.76%	23.45B
PTC INC.	+3.28%	21.57B

1st Jan change

Capi.

GB GROUP PLC

+9.34%

945M

ADOBE INC.

-20.31%

212B

WORKDAY INC.

-7.09%

67.8B

ROPER TECHNOLOGIES, INC.

-1.48%

57.75B

AUTODESK, INC.

-11.26%

46.62B

DATADOG, INC.

+4.47%

42.26B

ELECTRONIC ARTS INC.

-7.18%

33.99B

ANSYS, INC.

-9.70%

28.46B

APPLOVIN CORPORATION

+74.76%

23.45B

PTC INC.

+3.28%

21.57B

Delayed London S.E. Other stock markets 10:14:58 2024-04-24 am EDT			5-day change	1st Jan Change
299.6 ^GBX	-0.47%		+19.94%	+9.34%

Apr. 23	FTSE 100 gains pared after hitting record high	AN
Apr. 23	AIM WINNERS & LOSERS: RWS shares hit by drop in profit	AN

FTSE 100 gains pared after hitting record high	Apr. 23	AN
AIM WINNERS & LOSERS: RWS shares hit by drop in profit	Apr. 23	AN
GB Group's shares jump 13% as predicts better-than-expected profit	Apr. 23	AN
GB Group Logs Decline in FY24 Revenue; FY25 Picture to Improve	Apr. 23	MT
GB Group plc Provides Earnings Guidance for the Year 2024 and 2025	Apr. 23	CI
Banger, Inc. announced that it has received $4.8 million in funding from a group of investors	Feb. 08	CI
News Highlights : Top Financial Services News of the Day - Tuesday at 4 PM ET	Jan. 30	DJ
FTSE 100 Ends on Three-Week High, Partly on Diageo Rebound	Jan. 30	DJ
News Highlights : Top Financial Services News of the Day - Tuesday at 11 AM ET	Jan. 30	DJ
GB Group's New CEO Takes Office	Jan. 30	MT
GB Group "confident" in full-year outlook, confirms new CEO	Jan. 30	AN
GB Group Affirms FY24 Expectations	Jan. 30	MT
Peel Hunt Raises GB Group to Add from Hold	Jan. 29	MT
Digital 9 shares jump on wind down plans	Jan. 29	AN
Berenberg raises IMI; Exane BNP cuts Schroders	Jan. 29	AN
JPMorgan raises Rio Tinto to 'overweight'	Dec. 12	AN
JPMorgan cuts Diageo to neutral from overweight	Nov. 29	AN
GB Group reports half-year loss on impairment charge	Nov. 28	AN
Transcript : GB Group plc, H1 2024 Earnings Call, Nov 28, 2023	Nov. 28
GB Group's Fiscal H1 Loss Widens; Revenue Down	Nov. 28	MT
Earnings Flash (GBG.L) GB GROUP Reports Fiscal H1 Revenue GBP132.4M	Nov. 28	MT
Earnings Flash (GBG.L) GB GROUP Posts Fiscal H1 Loss GBX-21.80	Nov. 28	MT
GB Group plc Reports Earnings Results for the Half Year Ended September 30, 2023	Nov. 28	CI
Zephyr Energy sales fall in third quarter	Nov. 15	AN
GB Group CEO to retire; Dev Dhiman named as successor	Nov. 08	AN

GB Group plc

Equities

GBG

GB0006870611

Software

GB : What is Consent Guidance & Lawful Processing Under GDPR?

Latest news about GB Group plc

Chart GB Group plc

Company Profile

Income Statement Evolution

Ratings for GB Group plc

Analysts' Consensus

EPS Revisions

Quarterly earnings - Rate of surprise

Sector Application Software